utgard 1.0 ABB Industrial it running on win2K

413 views

Skip to first unread message

jr4...@hotmail.de

unread,

Jun 18, 2013, 4:36:43 PM6/18/13

to open...@googlegroups.com

Hello @All

has anyone experience to connect to a ABB installation.
Using Matrikon Simulation Server works well,
but i'm not able to connect to the CS of the ABB installation.

Alway error >>org.jinterop.dcom.common.JIException: Access is denied. [0x80070005]<< appeared.

Some information about the installation:
local network, - no firewalls - with exclusive Domain Controller
2 OPC Servers as rundancy installation

The utgard runs on winXP prof SP3

It seems, the audentification goes wrong concerning the wireshark log, because the hostname, I marked in red, is wrong, but not parameterized.

Thanks a lot for some ideas.

JR

No.     Time           Source                Destination           Protocol Length Info
     49 3.792180000    172.16.0.83           172.16.0.41           DCERPC   258    AUTH3: call_id: 0 Fragment: Single, NTLMSSP_AUTH, User: SG5.TKN\Administrator

Frame 49: 258 bytes on wire (2064 bits), 258 bytes captured (2064 bits) on interface 0
    Interface id: 0
    WTAP_ENCAP: 1
    Arrival Time: Jun 18, 2013 10:38:03.292311000 CEST
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1371544683.292311000 seconds
    [Time delta from previous captured frame: 0.082637000 seconds]
    [Time delta from previous displayed frame: 0.082637000 seconds]
    [Time since reference or first frame: 3.792180000 seconds]
    Frame Number: 49
    Frame Length: 258 bytes (2064 bits)
    Capture Length: 258 bytes (2064 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:dcerpc]
    [Coloring Rule Name: DCERPC]
    [Coloring Rule String: dcerpc]
Ethernet II, Src: Asiarock_34:82:68 (00:0b:6a:34:82:68), Dst: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)
    Destination: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)
        Address: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Asiarock_34:82:68 (00:0b:6a:34:82:68)
        Address: Asiarock_34:82:68 (00:0b:6a:34:82:68)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 244
    Identification: 0x02ff (767)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (6)
    Header checksum: 0x9e68 [correct]
        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: encrypted-admin (1138), Dst Port: epmap (135), Seq: 132, Ack: 207, Len: 204
    Source port: encrypted-admin (1138)
    Destination port: epmap (135)
    [Stream index: 1]
    Sequence number: 132    (relative sequence number)
    [Next sequence number: 336    (relative sequence number)]
    Acknowledgment number: 207    (relative ack number)
    Header length: 20 bytes
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
    Window size value: 65329
    [Calculated window size: 65329]
    [Window size scaling factor: -2 (no window scaling used)]
    Checksum: 0x8ad2 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]
        [Bytes in flight: 204]
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) AUTH3, Fragment: Single, FragLen: 204, Call: 0
    Version: 5
    Version (minor): 0
    Packet type: AUTH3 (16)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 204
    Auth Length: 176
    Call ID: 0
    Auth type: NTLMSSP (10)
    Auth level: Connect (2)
    Auth pad len: 0
    Auth Rsrvd: 0
    Auth Context ID: 1
    NTLM Secure Service Provider
        NTLMSSP identifier: NTLMSSP
        NTLM Message Type: NTLMSSP_AUTH (0x00000003)
        Lan Manager Response: 35dc573ad519484b00000000000000000000000000000000
            Length: 24
            Maxlen: 24
            Offset: 64
        NTLM Client Challenge: 35dc573ad519484b
        NTLM Response: 000257bfc437333955620d749bf7a5046697564a0871c1e8
            Length: 24
            Maxlen: 24
            Offset: 88
        Domain name: SG5.TKN
            Length: 14
            Maxlen: 14
            Offset: 112
        User name: Administrator
            Length: 26
            Maxlen: 26
            Offset: 126
        Host name: JCIFS0_83_DE
            Length: 24
            Maxlen: 24
            Offset: 152
        Session Key: Empty
        Flags: 0xa0898205
            1... .... .... .... .... .... .... .... = Negotiate 56: Set
            .0.. .... .... .... .... .... .... .... = Negotiate Key Exchange: Not set
            ..1. .... .... .... .... .... .... .... = Negotiate 128: Set
            ...0 .... .... .... .... .... .... .... = Negotiate 0x10000000: Not set
            .... 0... .... .... .... .... .... .... = Negotiate 0x08000000: Not set
            .... .0.. .... .... .... .... .... .... = Negotiate 0x04000000: Not set
            .... ..0. .... .... .... .... .... .... = Negotiate Version: Not set
            .... ...0 .... .... .... .... .... .... = Negotiate 0x01000000: Not set
            .... .... 1... .... .... .... .... .... = Negotiate Target Info: Set
            .... .... .0.. .... .... .... .... .... = Request Non-NT Session: Not set
            .... .... ..0. .... .... .... .... .... = Negotiate 0x00200000: Not set
            .... .... ...0 .... .... .... .... .... = Negotiate Identify: Not set
            .... .... .... 1... .... .... .... .... = Negotiate Extended Security: Set
            .... .... .... .0.. .... .... .... .... = Target Type Share: Not set
            .... .... .... ..0. .... .... .... .... = Target Type Server: Not set
            .... .... .... ...1 .... .... .... .... = Target Type Domain: Set
            .... .... .... .... 1... .... .... .... = Negotiate Always Sign: Set
            .... .... .... .... .0.. .... .... .... = Negotiate 0x00004000: Not set
            .... .... .... .... ..0. .... .... .... = Negotiate OEM Workstation Supplied: Not set
            .... .... .... .... ...0 .... .... .... = Negotiate OEM Domain Supplied: Not set
            .... .... .... .... .... 0... .... .... = Negotiate 0x00000800: Not set
            .... .... .... .... .... .0.. .... .... = Negotiate NT Only: Not set
            .... .... .... .... .... ..1. .... .... = Negotiate NTLM key: Set
            .... .... .... .... .... ...0 .... .... = Negotiate 0x00000100: Not set
            .... .... .... .... .... .... 0... .... = Negotiate Lan Manager Key: Not set
            .... .... .... .... .... .... .0.. .... = Negotiate Datagram: Not set
            .... .... .... .... .... .... ..0. .... = Negotiate Seal: Not set
            .... .... .... .... .... .... ...0 .... = Negotiate Sign: Not set
            .... .... .... .... .... .... .... 0... = Request 0x00000008: Not set
            .... .... .... .... .... .... .... .1.. = Request Target: Set
            .... .... .... .... .... .... .... ..0. = Negotiate OEM: Not set
            .... .... .... .... .... .... .... ...1 = Negotiate UNICODE: Set

################   end of wireshark ############################

Here is the hole log:
31 [main] INFO org.openscada.opc.lib.da.Server - Socket timeout: 0
Jun 18, 2013 10:38:02 AM org.jinterop.dcom.common.JISystem logSystemPropertiesAndVersion
INFO: j-Interop Version = j-Interop 2.08

Jun 18, 2013 10:38:02 AM org.jinterop.dcom.common.JISystem logSystemPropertiesAndVersion
INFO: java.runtime.name = Java(TM) SE Runtime Environment
sun.boot.library.path = C:\Programme\Java\jre7\bin
java.vm.version = 23.7-b01
java.vm.vendor = Oracle Corporation
java.vendor.url = http://java.oracle.com/
path.separator = ;
java.vm.name = Java HotSpot(TM) Client VM
file.encoding.pkg = sun.io
user.country = DE
user.script =
sun.java.launcher = SUN_STANDARD
sun.os.patch.level = Service Pack 3
java.vm.specification.name = Java Virtual Machine Specification
user.dir = C:\Java\OPCK\opck
java.runtime.version = 1.7.0_17-b02
java.awt.graphicsenv = sun.awt.Win32GraphicsEnvironment
java.endorsed.dirs = C:\Programme\Java\jre7\lib\endorsed
os.arch = x86
java.io.tmpdir = C:\DOKUME~1\ADMINI~1.SG5\LOKALE~1\Temp\
line.separator =

java.vm.specification.vendor = Oracle Corporation
user.variant =
os.name = Windows XP
sun.jnu.encoding = Cp1252
java.library.path = C:\Programme\Java\jre7\bin;C:\WINDOWS.0\Sun\Java\bin;C:\WINDOWS.0\system32;C:\WINDOWS.0;C:/Programme/Java/jre7/bin/client;C:/Programme/Java/jre7/bin;C:/Programme/Java/jre7/lib/i386;C:\WINDOWS.0\system32;C:\WINDOWS.0;C:\WINDOWS.0\System32\Wbem;C:\Programme\IDM Computer Solutions\UltraEdit-32;C:\Java\eclipse;;.
java.specification.name = Java Platform API Specification
java.class.version = 51.0
sun.management.compiler = HotSpot Client Compiler
os.version = 5.1
user.home = C:\Dokumente und Einstellungen\Administrator.SG5
user.timezone = Europe/Berlin
java.awt.printerjob = sun.awt.windows.WPrinterJob
file.encoding = Cp1252
java.specification.version = 1.7
java.class.path = C:\Java\OPCK\opck\bin;C:\tmp\opctest\j-interop.jar;C:\tmp\opctest\jcifs-1.2.19.jar;C:\tmp\opctest\j-interopdeps.jar;C:\tmp\opctest\junit-3.8.1.jar;C:\tmp\opctest\slf4j-api-1.6.99.jar;C:\tmp\opctest\slf4j-simple-1.6.99.jar;C:\Java\OPCK\opck\src\lib\opcdcom.jar;C:\Java\OPCK\opck\src\lib\opclib.jar;C:\Java\OPCK\opck\org.openscada.opc.dcom.source_1.0.0.201303061314.jar;C:\Java\OPCK\opck\org.openscada.opc.lib.source_1.0.0.201303061314.jar
user.name = Administrator
java.vm.specification.version = 1.7
sun.java.command = testing.UtgardTutorial1
java.home = C:\Programme\Java\jre7
sun.arch.data.model = 32
user.language = de
java.specification.vendor = Oracle Corporation
awt.toolkit = sun.awt.windows.WToolkit
java.vm.info = mixed mode, sharing
java.version = 1.7.0_17
java.ext.dirs = C:\Programme\Java\jre7\lib\ext;C:\WINDOWS.0\Sun\Java\lib\ext
sun.boot.class.path = C:\Programme\Java\jre7\lib\resources.jar;C:\Programme\Java\jre7\lib\rt.jar;C:\Programme\Java\jre7\lib\sunrsasign.jar;C:\Programme\Java\jre7\lib\jsse.jar;C:\Programme\Java\jre7\lib\jce.jar;C:\Programme\Java\jre7\lib\charsets.jar;C:\Programme\Java\jre7\lib\jfr.jar;C:\Programme\Java\jre7\classes
java.vendor = Oracle Corporation
file.separator = \
java.vendor.url.bug = http://bugreport.sun.com/bugreport/
sun.io.unicode.encoding = UnicodeLittle
sun.cpu.endian = little
sun.desktop = windows
sun.cpu.isalist = pentium_pro+mmx pentium_pro pentium+mmx pentium i486 i386 i86

Jun 18, 2013 10:38:02 AM org.jinterop.dcom.core.JIComOxidRuntime$ServerPingTimerTask run
INFO: Running ServerPingTimerTask !
Jun 18, 2013 10:38:02 AM org.jinterop.dcom.core.JISession createSession
INFO: Created Session: 824883123
Jun 18, 2013 10:38:02 AM org.jinterop.dcom.core.JIComOxidRuntime$ClientPingTimerTask run
INFO: Running ClientPingTimerTask !
Jun 18, 2013 10:38:02 AM org.jinterop.dcom.common.JISystem internal_dumpMap
INFO: mapOfHostnamesVsIPs: {}
Jun 18, 2013 10:38:02 AM rpc.DefaultConnection processOutgoing
INFO:
Sending BIND
Jun 18, 2013 10:38:02 AM rpc.DefaultConnection processIncoming
INFO:
Recieved BIND_ACK
Jun 18, 2013 10:38:02 AM rpc.DefaultConnection processOutgoing
INFO:
Sending AUTH3
Jun 18, 2013 10:38:03 AM rpc.DefaultConnection processOutgoing
INFO:
Sending ALTER_CTX
Jun 18, 2013 10:38:03 AM rpc.DefaultConnection processIncoming
INFO:
Recieved ALTER_CTX_RESP
Jun 18, 2013 10:38:03 AM rpc.DefaultConnection processOutgoing
INFO:
Sending REQUEST
Jun 18, 2013 10:38:03 AM rpc.DefaultConnection processIncoming
INFO:
Recieved RESPONSE
Jun 18, 2013 10:38:03 AM org.jinterop.dcom.core.JIComOxidRuntime addUpdateOXIDs
INFO: addUpdateOXIDs: finally this oid is { IPID ref count is 1 } and OID in bytes[] 00000: 3E F1 7A EA 00 00 52 24                          |>ñzê..R$        |

, hasExpired false }
Jun 18, 2013 10:38:03 AM org.jinterop.dcom.core.JISession addToSession
INFO: [addToSession] Adding IPID: 0000d02b-04e4-05a8-b6dc-d2f8059cbc2d to session: 824883123
Jun 18, 2013 10:38:03 AM org.jinterop.dcom.core.JISession addToSession
INFO: for IID: 00000000-0000-0000-c000-000000000046
Jun 18, 2013 10:38:03 AM org.jinterop.dcom.core.JIComObjectImpl addRef
WARNING: addRef: Adding 5 references for 0000d02b-04e4-05a8-b6dc-d2f8059cbc2d session: 824883123
Jun 18, 2013 10:38:03 AM rpc.DefaultConnection processOutgoing
INFO:
Sending BIND
Jun 18, 2013 10:38:03 AM rpc.DefaultConnection processIncoming
INFO:
Recieved BIND_ACK
Jun 18, 2013 10:38:03 AM rpc.DefaultConnection processOutgoing
INFO:
Sending AUTH3
Jun 18, 2013 10:38:03 AM rpc.DefaultConnection processOutgoing
INFO:
Sending REQUEST
Jun 18, 2013 10:38:04 AM rpc.DefaultConnection processIncoming
INFO:
Recieved RESPONSE
1625 [main] INFO org.openscada.opc.lib.da.Server - Failed to connect to server
org.jinterop.dcom.common.JIException: Access is denied. [0x80070005]
    at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:161)
    at org.jinterop.dcom.core.JIRemUnknownServer.addRef_ReleaseRef(JIRemUnknownServer.java:181)
    at org.jinterop.dcom.core.JIComObjectImpl.addRef(JIComObjectImpl.java:118)
    at org.jinterop.dcom.core.JIComServer.createInstance(JIComServer.java:786)
    at org.openscada.opc.lib.da.Server.connect(Server.java:130)
    at testing.UtgardTutorial1.main(UtgardTutorial1.java:39)
Caused by: org.jinterop.dcom.common.JIRuntimeException: Access is denied. [0x80070005]
    at org.jinterop.dcom.core.JICallBuilder.readResult(JICallBuilder.java:1079)
    at org.jinterop.dcom.core.JICallBuilder.read(JICallBuilder.java:957)
    at ndr.NdrObject.decode(NdrObject.java:36)
    at rpc.ConnectionOrientedEndpoint.call(ConnectionOrientedEndpoint.java:137)
    at rpc.Stub.call(Stub.java:113)
    at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:152)
    ... 5 more
1641 [main] INFO org.openscada.opc.lib.da.Server - Destroying DCOM session...
1641 [main] INFO org.openscada.opc.lib.da.Server - Destroying DCOM session... forked
Jun 18, 2013 10:38:04 AM org.jinterop.dcom.core.JISession prepareForReleaseRef
WARNING: prepareForReleaseRef: Releasing numInstancesfirsttime + 5 references of IPID: 0000d02b-04e4-05a8-b6dc-d2f8059cbc2d session: 824883123 , numInstancesfirsttime is 5
Jun 18, 2013 10:38:04 AM org.jinterop.dcom.core.JISession releaseRefs
INFO: In releaseRefs for session : 824883123 , array length is: 1
Jun 18, 2013 10:38:04 AM rpc.DefaultConnection processOutgoing
INFO:
Sending REQUEST
Jun 18, 2013 10:38:04 AM org.jinterop.dcom.core.JIComOxidRuntime clearIPIDsforSession
INFO: clearIPIDsforSession: holder.currentSetOIDs's size is 1
Jun 18, 2013 10:38:04 AM org.jinterop.dcom.core.JISession destroySession
INFO: Destroyed Session: 824883123
Jun 18, 2013 10:38:04 AM org.jinterop.dcom.core.JISession postDestroy
INFO: About to destroy links for Session: 824883123 , size of which is 0
Jun 18, 2013 10:38:04 AM org.jinterop.dcom.core.JIComOxidRuntime destroySessionOIDs
INFO: destroySessionOIDs for session: 824883123
1656 [OPCSessionDestructor] INFO org.openscada.opc.lib.da.Server - Destructed DCOM session
1656 [OPCSessionDestructor] INFO org.openscada.opc.lib.da.Server - Session destruction took 15 ms
Exception in thread "jI_ShutdownHook" java.lang.NullPointerException
    at org.jinterop.dcom.transport.JIComTransport.close(JIComTransport.java:124)
    at rpc.ConnectionOrientedEndpoint.detach(ConnectionOrientedEndpoint.java:232)
    at rpc.Stub.detach(Stub.java:94)
    at org.jinterop.dcom.core.JIRemUnknownServer.closeStub(JIRemUnknownServer.java:193)
    at org.jinterop.dcom.core.JISession.destroySession(JISession.java:633)
    at org.jinterop.dcom.core.JISession$2.run(JISession.java:232)
    at java.lang.Thread.run(Unknown Source)
80070005: Unknown error (80070005)

Jens Reimann

unread,

Jun 19, 2013, 4:37:01 AM6/19/13

to open...@googlegroups.com

Hi,

well we did that in the past and it worked fine. Though it was based on a Windows 2008 Server.

The first thing could be that you are using a ProgId for accessing the OPC server. If you do that, try using the ClassId instead. JCIFS is used for querying the ClassId from the ProgId.

--
You received this message because you are subscribed to the Google Groups "openSCADA" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openscada+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Josef Rick

unread,

Jun 19, 2013, 9:25:30 AM6/19/13

to open...@googlegroups.com

Thanks you for the fast information.
I tried it to, but it didnt change anything.
I' m not sure which log i post, CLSID or ProgID. But the error message looklike the same.

I can to it one more if it is helpfull.

Josef

Date: Wed, 19 Jun 2013 10:37:01 +0200
Subject: Re: [openSCADA] utgard 1.0 ABB Industrial it running on win2K
From: ctro...@gmail.com
To: open...@googlegroups.com

Jens Reimann

unread,

Jun 19, 2013, 10:28:06 AM6/19/13

to open...@googlegroups.com

Well you can specify some properties for "jcifs".

First you need to create a java properties file, name it something you like and remember and specify the absolute path using the system property "jcifs.properties".

Inside this file specify the following property:
jcifs.netbios.hostname=MY-HOSTNAME

This should change your hostname to whatever you like.

Josef Rick

unread,

Jun 20, 2013, 11:58:38 AM6/20/13

to open...@googlegroups.com

thanks for the quick answere.

It try it remote, it seems not working, but it had to check it on site a get a log to check, if jcifs is now working.

Josef

Date: Wed, 19 Jun 2013 16:28:06 +0200

Josef Rick

unread,

Jun 21, 2013, 11:17:37 AM6/21/13

to open...@googlegroups.com

I checked it on site. Result: it will not working.
I found one reason:

the property file is not read well

I gooled a little bit and it seems jcifs > 1.2.15 has some problems. All solution i found works with a web.xml file for tomcat or so.
My question: how to set the hostname?

second: can someone provide his property file, setting the hostname? Maybe I did it in a wrong way to add only: >>jcifs.netbios.hostname=AAAAAAAA<<<<< ???

Thanks for answeres.

Josef

Date: Wed, 19 Jun 2013 16:28:06 +0200

Jens Reimann

unread,

Jun 21, 2013, 11:25:01 AM6/21/13

to open...@googlegroups.com

Maybe you can provide some information on what you did and what you found at Google.

Josef Rick

unread,

Jun 21, 2013, 12:04:55 PM6/21/13

to open...@googlegroups.com

of couse,

1.) in eclise run configuration add: -Djcifs.properties=c:\tmp\opc.prp
2.) create file c:\tmp\opc.prp: 1 line: jcifs.netbios.hostname=AAAAAAAA
3.) run in eclipse a look to wireshark: hostname not in Telegramm: found a new hostname Host name: JCIFS0_83_65 (XXXX_DE wasin the last examples)
4.) my idea: something wrong in my prop-file, so i ccheckt google an found:
http://www.angelfire.com/nj4/najmi/ntlmhttpauth.htm
5.) and found
https://lists.samba.org/archive/jcifs/2007-November/007512.html

6.) checking the log file:

java.class.path = C:\Java\OPCK\opck\bin;C:\tmp\opctest\j-interop.jar;C:\tmp\opctest\jcifs-1.2.19.jar;C:\tmp\opctest\j-interopdeps.jar;C:\tmp\opctest\junit-3.8.1.jar;C:\tmp\opctest\slf4j-api-1.6.99.jar;C:\tmp\opctest\slf4j-simple-1.6.99.jar;C:\Java\OPCK\opck\src\lib\opcdcom.jar;C:\Java\OPCK\opck\src\lib\opclib.jar;C:\Java\OPCK\opck\org.openscada.opc.dcom.source_1.0.0.201303061314.jar;C:\Java\OPCK\opck\org.openscada.opc.lib.source_1.0.0.201303061314.jar

that my result of testing.

with regards
Josef

Date: Fri, 21 Jun 2013 17:25:01 +0200
Subject: RE: [openSCADA] utgard 1.0 ABB Industrial it running on win2K

Jens Reimann

unread,

Jun 21, 2013, 12:24:50 PM6/21/13

to open...@googlegroups.com

Can you please try again with the jcifs library provided by openscada. It is version 1.2.25 I think.

Josef Rick

unread,

Jun 21, 2013, 6:00:22 PM6/21/13

to open...@googlegroups.com

Thanks for the quick answere.
I will test it.But next week i'm off.
So I will test it begin of Juli

Thanks
for the support

Josef

Date: Fri, 21 Jun 2013 18:24:50 +0200

Josef Rick

unread,

Jun 21, 2013, 6:01:46 PM6/21/13

to open...@googlegroups.com

Thanks for the quick answere.
I will test it.But next week i'm off.
So I will test it begin of Juli

Thanks
for the support

Josef

Date: Fri, 21 Jun 2013 18:24:50 +0200

Josef Rick

unread,

Jul 2, 2013, 9:47:50 AM7/2/13

to open...@googlegroups.com

sorry for the late answere, i was some days off.

I downloaded the sorce from the site, and rebuild all jar's:
But no change: the hostname of the localsystem is still wrong.
My question: is the name really wrong, or is the name maybe decoded ?
So I added the complete wireshark logging. Please check pkt. 40 to 41 from the login.
My idea: the transfer of the clsid goes wrong, because changig user or password gives diffents results.
Using a wrong clsid seems the same results.
So: can you check the answeres from the systems in the logging file ?

Thanks a a lot.

******************************************

No. Time Source Destination Protocol Length Info

34 3.525424000 172.16.0.83 172.16.0.41 TCP 62 compaq-wcp > epmap [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

Frame 34: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:04.195915000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764664.195915000 seconds
    [Time delta from previous captured frame: 0.025570000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 3.525424000 seconds]
    Frame Number: 34
    Frame Length: 62 bytes (496 bits)
    Capture Length: 62 bytes (496 bits)

[Frame is marked: False]
[Frame is ignored: False]

    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: TCP SYN/FIN]
    [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]

Ethernet II, Src: Asiarock_34:82:68 (00:0b:6a:34:82:68), Dst: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)
    Destination: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)
        Address: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Asiarock_34:82:68 (00:0b:6a:34:82:68)
        Address: Asiarock_34:82:68 (00:0b:6a:34:82:68)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 48
Identification: 0xcabe (51902)

    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (6)

Header checksum: 0xd76c [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: compaq-wcp (2555), Dst Port: epmap (135), Seq: 0, Len: 0
    Source port: compaq-wcp (2555)
    Destination port: epmap (135)
    [Stream index: 0]
    Sequence number: 0    (relative sequence number)
    Header length: 28 bytes
    Flags: 0x002 (SYN)

        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set

.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set

.... .... .0.. = Reset: Not set

        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port epmap]
                [Message: Connection establish request (SYN): server port epmap]
                [Severity level: Chat]
                [Group: Sequence]

.... .... ...0 = Fin: Not set

    Window size value: 65535
    [Calculated window size: 65535]
    Checksum: 0x2199 [validation disabled]

[Good Checksum: False]
[Bad Checksum: False]

    Options: (8 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted
        Maximum segment size: 1460 bytes
            Kind: MSS size (2)
            Length: 4
            MSS Value: 1460
        No-Operation (NOP)
            Type: 1
                0... .... = Copy on fragmentation: No
                .00. .... = Class: Control (0)
                ...0 0001 = Number: No-Operation (NOP) (1)
        No-Operation (NOP)
            Type: 1
                0... .... = Copy on fragmentation: No
                .00. .... = Class: Control (0)
                ...0 0001 = Number: No-Operation (NOP) (1)
        TCP SACK Permitted Option: True
            Kind: SACK Permission (4)
            Length: 2

No. Time Source Destination Protocol Length Info

35 3.525545000 172.16.0.41 172.16.0.83 TCP 62 epmap > compaq-wcp [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 SACK_PERM=1

Frame 35: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:04.196036000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764664.196036000 seconds
    [Time delta from previous captured frame: 0.000121000 seconds]
    [Time delta from previous displayed frame: 0.000121000 seconds]
    [Time since reference or first frame: 3.525545000 seconds]
    Frame Number: 35
    Frame Length: 62 bytes (496 bits)
    Capture Length: 62 bytes (496 bits)

[Frame is marked: False]
[Frame is ignored: False]

    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: TCP SYN/FIN]
    [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: Asiarock_34:82:68 (00:0b:6a:34:82:68)
    Destination: Asiarock_34:82:68 (00:0b:6a:34:82:68)

        Address: Asiarock_34:82:68 (00:0b:6a:34:82:68)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)

Source: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)

        Address: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)

Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)

    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 48
Identification: 0x9a4e (39502)

    Header checksum: 0x07dd [correct]
        [Good: True]
        [Bad: False]
    Source: 172.16.0.41 (172.16.0.41)
    Destination: 172.16.0.83 (172.16.0.83)

[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: epmap (135), Dst Port: compaq-wcp (2555), Seq: 0, Ack: 1, Len: 0
    Source port: epmap (135)
    Destination port: compaq-wcp (2555)
    [Stream index: 0]
    Sequence number: 0    (relative sequence number)
    Acknowledgment number: 1    (relative ack number)
    Header length: 28 bytes
    Flags: 0x012 (SYN, ACK)

.... .... 0... = Push: Not set

.... .... .0.. = Reset: Not set

        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port epmap]
                [Message: Connection establish acknowledge (SYN+ACK): server port epmap]
                [Severity level: Chat]
                [Group: Sequence]

.... .... ...0 = Fin: Not set

    Window size value: 64240
    [Calculated window size: 64240]
    Checksum: 0x9891 [validation disabled]

[Good Checksum: False]
[Bad Checksum: False]

No. Time Source Destination Protocol Length Info

36 3.525571000 172.16.0.83 172.16.0.41 TCP 54 compaq-wcp > epmap [ACK] Seq=1 Ack=1 Win=65535 Len=0

Frame 36: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:04.196062000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764664.196062000 seconds
    [Time delta from previous captured frame: 0.000026000 seconds]
    [Time delta from previous displayed frame: 0.000026000 seconds]
    [Time since reference or first frame: 3.525571000 seconds]
    Frame Number: 36
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)

[Frame is marked: False]
[Frame is ignored: False]

    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]

Total Length: 40
Identification: 0xcabf (51903)

Header checksum: 0xd773 [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: compaq-wcp (2555), Dst Port: epmap (135), Seq: 1, Ack: 1, Len: 0
    Source port: compaq-wcp (2555)
    Destination port: epmap (135)
    [Stream index: 0]
    Sequence number: 1    (relative sequence number)
    Acknowledgment number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x010 (ACK)

.... .... 0... = Push: Not set

        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set

Window size value: 65535
[Calculated window size: 65535]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xc046 [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[This is an ACK to the segment in frame: 35]
[The RTT to ACK the segment was: 0.000026000 seconds]

No. Time Source Destination Protocol Length Info

40 3.653906000 172.16.0.83 172.16.0.41 DCERPC 185 Bind: call_id: 0 Fragment: Single, 1 context items: IOXIDResolver V0.0 (32bit NDR), NTLMSSP_NEGOTIATE

Frame 40: 185 bytes on wire (1480 bits), 185 bytes captured (1480 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:04.324397000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764664.324397000 seconds
    [Time delta from previous captured frame: 0.043107000 seconds]
    [Time delta from previous displayed frame: 0.128335000 seconds]
    [Time since reference or first frame: 3.653906000 seconds]
    Frame Number: 40
    Frame Length: 185 bytes (1480 bits)
    Capture Length: 185 bytes (1480 bits)

    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:dcerpc]
    [Coloring Rule Name: DCERPC]
    [Coloring Rule String: dcerpc]
Ethernet II, Src: Asiarock_34:82:68 (00:0b:6a:34:82:68), Dst: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)
    Destination: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)
        Address: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Asiarock_34:82:68 (00:0b:6a:34:82:68)
        Address: Asiarock_34:82:68 (00:0b:6a:34:82:68)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)

Total Length: 171
Identification: 0xcac0 (51904)

Header checksum: 0xd6ef [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: compaq-wcp (2555), Dst Port: epmap (135), Seq: 1, Ack: 1, Len: 131
    Source port: compaq-wcp (2555)
    Destination port: epmap (135)
    [Stream index: 0]
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 132    (relative sequence number)]
    Acknowledgment number: 1    (relative ack number)

    Header length: 20 bytes
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set

Window size value: 65535
[Calculated window size: 65535]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xa2cb [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[Bytes in flight: 131]
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 131, Call: 0

Version: 5
Version (minor): 0

Packet type: Bind (11)

    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)

    Frag Length: 131
    Auth Length: 51
    Call ID: 0
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x00000000
    Num Ctx Items: 1
    Ctx Item[1]: ID:0
        Context ID: 0
        Num Trans Items: 1
        Abstract Syntax: IOXIDResolver V0.0
            Interface: IOXIDResolver UUID: 99fcfec4-5260-101b-bbcb-00aa0021347a
            Interface Ver: 0
            Interface Ver Minor: 0
        Transfer Syntax[1]: 32bit NDR V2
            Transport Syntax: 32bit NDR UUID:8a885d04-1ceb-11c9-9fe8-08002b104860
            ver: 2

    Auth type: NTLMSSP (10)
    Auth level: Connect (2)
    Auth pad len: 0
    Auth Rsrvd: 0
    Auth Context ID: 1
    NTLM Secure Service Provider
        NTLMSSP identifier: NTLMSSP

NTLM Message Type: NTLMSSP_NEGOTIATE (0x00000001)
Flags: 0xa008b207

            1... .... .... .... .... .... .... .... = Negotiate 56: Set
            .0.. .... .... .... .... .... .... .... = Negotiate Key Exchange: Not set
            ..1. .... .... .... .... .... .... .... = Negotiate 128: Set
            ...0 .... .... .... .... .... .... .... = Negotiate 0x10000000: Not set
            .... 0... .... .... .... .... .... .... = Negotiate 0x08000000: Not set
            .... .0.. .... .... .... .... .... .... = Negotiate 0x04000000: Not set
            .... ..0. .... .... .... .... .... .... = Negotiate Version: Not set
            .... ...0 .... .... .... .... .... .... = Negotiate 0x01000000: Not set

.... .... 0... .... .... .... .... .... = Negotiate Target Info: Not set

            .... .... .0.. .... .... .... .... .... = Request Non-NT Session: Not set
            .... .... ..0. .... .... .... .... .... = Negotiate 0x00200000: Not set
            .... .... ...0 .... .... .... .... .... = Negotiate Identify: Not set
            .... .... .... 1... .... .... .... .... = Negotiate Extended Security: Set
            .... .... .... .0.. .... .... .... .... = Target Type Share: Not set
            .... .... .... ..0. .... .... .... .... = Target Type Server: Not set

.... .... .... ...0 .... .... .... .... = Target Type Domain: Not set

.... .... .... .... 1... .... .... .... = Negotiate Always Sign: Set
.... .... .... .... .0.. .... .... .... = Negotiate 0x00004000: Not set

.... .... .... .... ..1. .... .... .... = Negotiate OEM Workstation Supplied: Set
.... .... .... .... ...1 .... .... .... = Negotiate OEM Domain Supplied: Set

            .... .... .... .... .... 0... .... .... = Negotiate 0x00000800: Not set
            .... .... .... .... .... .0.. .... .... = Negotiate NT Only: Not set
            .... .... .... .... .... ..1. .... .... = Negotiate NTLM key: Set
            .... .... .... .... .... ...0 .... .... = Negotiate 0x00000100: Not set
            .... .... .... .... .... .... 0... .... = Negotiate Lan Manager Key: Not set
            .... .... .... .... .... .... .0.. .... = Negotiate Datagram: Not set
            .... .... .... .... .... .... ..0. .... = Negotiate Seal: Not set
            .... .... .... .... .... .... ...0 .... = Negotiate Sign: Not set
            .... .... .... .... .... .... .... 0... = Request 0x00000008: Not set
            .... .... .... .... .... .... .... .1.. = Request Target: Set

.... .... .... .... .... .... .... ..1. = Negotiate OEM: Set

.... .... .... .... .... .... .... ...1 = Negotiate UNICODE: Set

        Calling workstation domain: SG5.TKN
            Length: 7
            Maxlen: 7
            Offset: 32
        Calling workstation name: JCIFS0_83_27
            Length: 12
            Maxlen: 12
            Offset: 39

No. Time Source Destination Protocol Length Info

41 3.654408000 172.16.0.41 172.16.0.83 DCERPC 260 Bind_ack: call_id: 0 Fragment: Single, max_xmit: 4280 max_recv: 4280, 1 results: Acceptance, NTLMSSP_CHALLENGE

Frame 41: 260 bytes on wire (2080 bits), 260 bytes captured (2080 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:04.324899000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764664.324899000 seconds
    [Time delta from previous captured frame: 0.000502000 seconds]
    [Time delta from previous displayed frame: 0.000502000 seconds]
    [Time since reference or first frame: 3.654408000 seconds]
    Frame Number: 41
    Frame Length: 260 bytes (2080 bits)
    Capture Length: 260 bytes (2080 bits)

    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:dcerpc]
    [Coloring Rule Name: DCERPC]
    [Coloring Rule String: dcerpc]

Ethernet II, Src: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: Asiarock_34:82:68 (00:0b:6a:34:82:68)
Destination: Asiarock_34:82:68 (00:0b:6a:34:82:68)

Source: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)

Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)

Total Length: 246
Identification: 0x9a56 (39510)

    Header checksum: 0x070f [correct]
        [Good: True]
        [Bad: False]
    Source: 172.16.0.41 (172.16.0.41)
    Destination: 172.16.0.83 (172.16.0.83)

[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: epmap (135), Dst Port: compaq-wcp (2555), Seq: 1, Ack: 132, Len: 206
    Source port: epmap (135)
    Destination port: compaq-wcp (2555)
    [Stream index: 0]
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 207    (relative sequence number)]
    Acknowledgment number: 132    (relative ack number)

Window size value: 64109
[Calculated window size: 64109]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x29ad [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

        [This is an ACK to the segment in frame: 40]
        [The RTT to ACK the segment was: 0.000502000 seconds]
        [Bytes in flight: 206]
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 206, Call: 0

Version: 5
Version (minor): 0

Packet type: Bind_ack (12)

    Frag Length: 206
    Auth Length: 138
    Call ID: 0
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x0000e938
    Scndry Addr len: 4
    Scndry Addr: 135
    Num results: 1
    Context ID[1]
        Ack result: Acceptance (0)
        Transfer Syntax: 32bit NDR
        Syntax ver: 2

    Auth type: NTLMSSP (10)
    Auth level: Connect (2)
    Auth pad len: 0
    Auth Rsrvd: 0
    Auth Context ID: 1
    NTLM Secure Service Provider
        NTLMSSP identifier: NTLMSSP

        NTLM Message Type: NTLMSSP_CHALLENGE (0x00000002)
        Target Name: SG5
            Length: 6
            Maxlen: 6
            Offset: 48

        NTLM Server Challenge: 8ad05491d36aca2f
        Reserved: 0000000000000000
        Target Info
            Length: 84
            Maxlen: 84
            Offset: 54
            Attribute: NetBIOS domain name: SG5
                Target Info Item Type: NetBIOS domain name (0x0002)
                Target Info Item Length: 6
                NetBIOS Domain Name: SG5
            Attribute: NetBIOS computer name: AA01CS1
                Target Info Item Type: NetBIOS computer name (0x0001)
                Target Info Item Length: 14
                NetBIOS Computer Name: AA01CS1
            Attribute: DNS domain name: SG5.TKN
                Target Info Item Type: DNS domain name (0x0004)
                Target Info Item Length: 14
                DNS Domain Name: SG5.TKN
            Attribute: DNS computer name: AA01CS1.SG5.TKN
                Target Info Item Type: DNS computer name (0x0003)
                Target Info Item Length: 30
                DNS Computer Name: AA01CS1.SG5.TKN
            Attribute: End of list
                Target Info Item Type: End of list (0x0000)
                Target Info Item Length: 0

No. Time Source Destination Protocol Length Info

43 3.850310000 172.16.0.83 172.16.0.41 TCP 54 compaq-wcp > epmap [ACK] Seq=132 Ack=207 Win=65329 Len=0

Frame 43: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:04.520801000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764664.520801000 seconds
    [Time delta from previous captured frame: 0.002966000 seconds]
    [Time delta from previous displayed frame: 0.195902000 seconds]
    [Time since reference or first frame: 3.850310000 seconds]
    Frame Number: 43
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)

[Frame is marked: False]
[Frame is ignored: False]

    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]

Total Length: 40
Identification: 0xcac1 (51905)

Header checksum: 0xd771 [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: compaq-wcp (2555), Dst Port: epmap (135), Seq: 132, Ack: 207, Len: 0
    Source port: compaq-wcp (2555)
    Destination port: epmap (135)
    [Stream index: 0]

Sequence number: 132 (relative sequence number)

Acknowledgment number: 207 (relative ack number)
Header length: 20 bytes

Flags: 0x010 (ACK)

.... .... 0... = Push: Not set

        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
    Window size value: 65329
    [Calculated window size: 65329]
    [Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xbfc3 [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[This is an ACK to the segment in frame: 41]
[The RTT to ACK the segment was: 0.195902000 seconds]

No. Time Source Destination Protocol Length Info

44 4.102775000 172.16.0.83 172.16.0.41 DCERPC 258 AUTH3: call_id: 0 Fragment: Single, NTLMSSP_AUTH, User: SG5.TKN\Administrator

Frame 44: 258 bytes on wire (2064 bits), 258 bytes captured (2064 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:04.773266000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764664.773266000 seconds
    [Time delta from previous captured frame: 0.252465000 seconds]
    [Time delta from previous displayed frame: 0.252465000 seconds]
    [Time since reference or first frame: 4.102775000 seconds]
    Frame Number: 44

    Frame Length: 258 bytes (2064 bits)
    Capture Length: 258 bytes (2064 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:dcerpc]
    [Coloring Rule Name: DCERPC]
    [Coloring Rule String: dcerpc]
Ethernet II, Src: Asiarock_34:82:68 (00:0b:6a:34:82:68), Dst: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)
    Destination: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)
        Address: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Asiarock_34:82:68 (00:0b:6a:34:82:68)
        Address: Asiarock_34:82:68 (00:0b:6a:34:82:68)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.41 (172.16.0.41)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 244

Identification: 0xcac2 (51906)

Header checksum: 0xd6a4 [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: compaq-wcp (2555), Dst Port: epmap (135), Seq: 132, Ack: 207, Len: 204
    Source port: compaq-wcp (2555)
    Destination port: epmap (135)
    [Stream index: 0]

    Sequence number: 132    (relative sequence number)
    [Next sequence number: 336    (relative sequence number)]
    Acknowledgment number: 207    (relative ack number)
    Header length: 20 bytes
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
    Window size value: 65329
    [Calculated window size: 65329]
    [Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xa044 [validation disabled]

Lan Manager Response: 80dfd9fdf14e5e9b00000000000000000000000000000000

            Length: 24
            Maxlen: 24
            Offset: 64

NTLM Client Challenge: 80dfd9fdf14e5e9b
NTLM Response: daf7856c9691da5b60c100c4c3cc5eb505508d57684c2d6a

            Length: 24
            Maxlen: 24
            Offset: 88
        Domain name: SG5.TKN
            Length: 14
            Maxlen: 14
            Offset: 112
        User name: Administrator
            Length: 26
            Maxlen: 26
            Offset: 126

Host name: JCIFS0_83_27

No. Time Source Destination Protocol Length Info

46 4.244934000 172.16.0.41 172.16.0.83 TCP 60 epmap > compaq-wcp [ACK] Seq=207 Ack=336 Win=63905 Len=0

Frame 46: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:04.915425000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764664.915425000 seconds
    [Time delta from previous captured frame: 0.029164000 seconds]
    [Time delta from previous displayed frame: 0.142159000 seconds]
    [Time since reference or first frame: 4.244934000 seconds]
    Frame Number: 46
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)

[Frame is marked: False]
[Frame is ignored: False]

    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: Asiarock_34:82:68 (00:0b:6a:34:82:68)
    Destination: Asiarock_34:82:68 (00:0b:6a:34:82:68)

Source: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)

Type: IP (0x0800)
Padding: 020405b40101
Internet Protocol Version 4, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)

Total Length: 40
Identification: 0x9a83 (39555)

    Header checksum: 0x07b0 [correct]
        [Good: True]
        [Bad: False]
    Source: 172.16.0.41 (172.16.0.41)
    Destination: 172.16.0.83 (172.16.0.83)

[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: epmap (135), Dst Port: compaq-wcp (2555), Seq: 207, Ack: 336, Len: 0
    Source port: epmap (135)
    Destination port: compaq-wcp (2555)
    [Stream index: 0]
    Sequence number: 207    (relative sequence number)
    Acknowledgment number: 336    (relative ack number)
    Header length: 20 bytes
    Flags: 0x010 (ACK)

.... .... 0... = Push: Not set

        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set

Window size value: 63905
[Calculated window size: 63905]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xc487 [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[This is an ACK to the segment in frame: 44]
[The RTT to ACK the segment was: 0.142159000 seconds]

No. Time Source Destination Protocol Length Info

47 4.245015000 172.16.0.83 172.16.0.41 DCERPC 126 Alter_context: call_id: 1 Fragment: Single, 1 context items: REMACT V0.0 (32bit NDR)

Frame 47: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:04.915506000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764664.915506000 seconds
    [Time delta from previous captured frame: 0.000081000 seconds]
    [Time delta from previous displayed frame: 0.000081000 seconds]
    [Time since reference or first frame: 4.245015000 seconds]
    Frame Number: 47
    Frame Length: 126 bytes (1008 bits)
    Capture Length: 126 bytes (1008 bits)

Total Length: 112
Identification: 0xcac3 (51907)

Header checksum: 0xd727 [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: compaq-wcp (2555), Dst Port: epmap (135), Seq: 336, Ack: 207, Len: 72
    Source port: compaq-wcp (2555)
    Destination port: epmap (135)
    [Stream index: 0]
    Sequence number: 336    (relative sequence number)
    [Next sequence number: 408    (relative sequence number)]

    Acknowledgment number: 207    (relative ack number)
    Header length: 20 bytes
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
    Window size value: 65329
    [Calculated window size: 65329]
    [Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x8565 [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[Bytes in flight: 72]
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context, Fragment: Single, FragLen: 72, Call: 1

Version: 5
Version (minor): 0

Packet type: Alter_context (14)

    Frag Length: 72
    Auth Length: 0
    Call ID: 1
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x0000e938
    Num Ctx Items: 1
    Ctx Item[1]: ID:1
        Context ID: 1
        Num Trans Items: 1
        Abstract Syntax: REMACT V0.0
            Interface: REMACT UUID: 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57
            Interface Ver: 0
            Interface Ver Minor: 0
        Transfer Syntax[1]: 32bit NDR V2
            Transport Syntax: 32bit NDR UUID:8a885d04-1ceb-11c9-9fe8-08002b104860
            ver: 2

No. Time Source Destination Protocol Length Info

48 4.245178000 172.16.0.41 172.16.0.83 DCERPC 110 Alter_context_resp: call_id: 1 Fragment: Single, max_xmit: 4280 max_recv: 4280, 1 results: Acceptance

Frame 48: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:04.915669000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764664.915669000 seconds
    [Time delta from previous captured frame: 0.000163000 seconds]
    [Time delta from previous displayed frame: 0.000163000 seconds]
    [Time since reference or first frame: 4.245178000 seconds]
    Frame Number: 48
    Frame Length: 110 bytes (880 bits)
    Capture Length: 110 bytes (880 bits)

    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:dcerpc]
    [Coloring Rule Name: DCERPC]
    [Coloring Rule String: dcerpc]

Ethernet II, Src: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: Asiarock_34:82:68 (00:0b:6a:34:82:68)
Destination: Asiarock_34:82:68 (00:0b:6a:34:82:68)

Source: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)

Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)

Total Length: 96
Identification: 0x9a84 (39556)

    Header checksum: 0x0777 [correct]
        [Good: True]
        [Bad: False]
    Source: 172.16.0.41 (172.16.0.41)
    Destination: 172.16.0.83 (172.16.0.83)

[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: epmap (135), Dst Port: compaq-wcp (2555), Seq: 207, Ack: 408, Len: 56
    Source port: epmap (135)
    Destination port: compaq-wcp (2555)
    [Stream index: 0]
    Sequence number: 207    (relative sequence number)
    [Next sequence number: 263    (relative sequence number)]
    Acknowledgment number: 408    (relative ack number)

Window size value: 63833
[Calculated window size: 63833]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x5aca [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

        [This is an ACK to the segment in frame: 47]
        [The RTT to ACK the segment was: 0.000163000 seconds]
        [Bytes in flight: 56]
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Alter_context_resp, Fragment: Single, FragLen: 56, Call: 1

Version: 5
Version (minor): 0

Packet type: Alter_context_resp (15)

    Frag Length: 56
    Auth Length: 0
    Call ID: 1
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x0000e938
    Scndry Addr len: 0
    Num results: 1
    Context ID[1]
        Ack result: Acceptance (0)
        Transfer Syntax: 32bit NDR
        Syntax ver: 2

No. Time Source Destination Protocol Length Info

49 4.353248000 172.16.0.83 172.16.0.41 TCP 54 compaq-wcp > epmap [ACK] Seq=408 Ack=263 Win=65273 Len=0

Frame 49: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.023739000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.023739000 seconds
    [Time delta from previous captured frame: 0.108070000 seconds]
    [Time delta from previous displayed frame: 0.108070000 seconds]
    [Time since reference or first frame: 4.353248000 seconds]
    Frame Number: 49
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)

[Frame is marked: False]
[Frame is ignored: False]

    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]

Total Length: 40
Identification: 0xcac4 (51908)

Header checksum: 0xd76e [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: compaq-wcp (2555), Dst Port: epmap (135), Seq: 408, Ack: 263, Len: 0
    Source port: compaq-wcp (2555)
    Destination port: epmap (135)
    [Stream index: 0]
    Sequence number: 408    (relative sequence number)
    Acknowledgment number: 263    (relative ack number)
    Header length: 20 bytes
    Flags: 0x010 (ACK)

.... .... 0... = Push: Not set

        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set

Window size value: 65273
[Calculated window size: 65273]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xbeaf [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[This is an ACK to the segment in frame: 48]
[The RTT to ACK the segment was: 0.108070000 seconds]

No. Time Source Destination Protocol Length Info

52 4.486804000 172.16.0.83 172.16.0.41 REMACT 206 RemoteActivation request CLSID=??? IID[1]=IUnknown IID[2]=IDispatch[Long frame (10 bytes)]

Frame 52: 206 bytes on wire (1648 bits), 206 bytes captured (1648 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.157295000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.157295000 seconds
    [Time delta from previous captured frame: 0.081374000 seconds]
    [Time delta from previous displayed frame: 0.133556000 seconds]
    [Time since reference or first frame: 4.486804000 seconds]
    Frame Number: 52
    Frame Length: 206 bytes (1648 bits)
    Capture Length: 206 bytes (1648 bits)

Total Length: 192
Identification: 0xcac5 (51909)

Header checksum: 0xd6d5 [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: compaq-wcp (2555), Dst Port: epmap (135), Seq: 408, Ack: 263, Len: 152
    Source port: compaq-wcp (2555)
    Destination port: epmap (135)
    [Stream index: 0]
    Sequence number: 408    (relative sequence number)
    [Next sequence number: 560    (relative sequence number)]
    Acknowledgment number: 263    (relative ack number)

Window size value: 65273
[Calculated window size: 65273]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x0b2a [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[Bytes in flight: 152]
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 152, Call: 2 Ctx: 1, [Resp: #53]

Version: 5
Version (minor): 0

Packet type: Request (0)

    Frag Length: 152
    Auth Length: 0
    Call ID: 2
    Alloc hint: 128
    Context ID: 1
    Opnum: 0
    [Response in frame: 53]
DCOM IRemoteActivation, RemoteActivation
    Operation: RemoteActivation (0)
    [Response in frame: 53]
    DCOM, ORPCThis, V5.2, Causality ID: 0a3c0500-c6c4-a011-887b-9f165c087753
        VersionMajor: 5
        VersionMinor: 2
        Flags: INFO_NULL (0x00000000)
        Reserved: 0x00000000
        Causality ID: 0a3c0500-c6c4-a011-887b-9f165c087753
    CLSID: 68aec2ca-93cd-11d1-94e1-0020afc84400
    ClientImplLevel: 3
    Mode: 0
    Interfaces: 2
    IID[1]: IUnknown (00000000-0000-0000-c000-000000000046)
    IID[2]: IDispatch (00020400-0000-0000-c000-000000000046)
    RequestedProtSeqs: 1
    ProtSeqs: NCACN_IP_TCP (7)
    [Long frame (10 bytes)]

No. Time Source Destination Protocol Length Info

53 4.488787000 172.16.0.41 172.16.0.83 REMACT 710 RemoteActivation response S_OK[1] E_NOINTERFACE[2] -> S_OK

Frame 53: 710 bytes on wire (5680 bits), 710 bytes captured (5680 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.159278000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.159278000 seconds
    [Time delta from previous captured frame: 0.001983000 seconds]
    [Time delta from previous displayed frame: 0.001983000 seconds]
    [Time since reference or first frame: 4.488787000 seconds]
    Frame Number: 53
    Frame Length: 710 bytes (5680 bits)
    Capture Length: 710 bytes (5680 bits)

    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:dcerpc]
    [Coloring Rule Name: DCERPC]
    [Coloring Rule String: dcerpc]

Ethernet II, Src: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: Asiarock_34:82:68 (00:0b:6a:34:82:68)
Destination: Asiarock_34:82:68 (00:0b:6a:34:82:68)

Source: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)

Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)

Total Length: 696
Identification: 0x9a96 (39574)

    Header checksum: 0x050d [correct]
        [Good: True]
        [Bad: False]
    Source: 172.16.0.41 (172.16.0.41)
    Destination: 172.16.0.83 (172.16.0.83)

[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: epmap (135), Dst Port: compaq-wcp (2555), Seq: 263, Ack: 560, Len: 656
    Source port: epmap (135)
    Destination port: compaq-wcp (2555)
    [Stream index: 0]
    Sequence number: 263    (relative sequence number)
    [Next sequence number: 919    (relative sequence number)]
    Acknowledgment number: 560    (relative ack number)

Window size value: 63681
[Calculated window size: 63681]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x258d [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

        [This is an ACK to the segment in frame: 52]
        [The RTT to ACK the segment was: 0.001983000 seconds]
        [Bytes in flight: 656]
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 656, Call: 2 Ctx: 1, [Req: #52]

Version: 5
Version (minor): 0

Packet type: Response (2)

    Frag Length: 656
    Auth Length: 16
    Call ID: 2
    Alloc hint: 608
    Context ID: 1
    Cancel count: 0

    Auth type: NTLMSSP (10)
    Auth level: Connect (2)
    Auth pad len: 0
    Auth Rsrvd: 0
    Auth Context ID: 1

    Opnum: 0
    [Request in frame: 52]
    [Time from request: 0.001983000 seconds]
    NTLMSSP Verifier
        Version Number: 1
        Verifier Body: 000000000000000000000000
DCOM IRemoteActivation, RemoteActivation
    Operation: RemoteActivation (0)
    [Request in frame: 52]
    DCOM, ORPCThat
        Flags: INFO_LOCAL (0x00000001)
    OXID: 0x3e0ebd51000001ab
    OxidBindings: STRINGBINDINGs=3, SECURITYBINDINGs=5
        NumEntries: 159
        SecurityOffset: 62
        StringBinding[1]: TowerId=NCACN_IP_TCP, NetworkAddr="AA01CS1.SG5.TKN[2056]"
            TowerId: NCACN_IP_TCP (0x0007)
            NetworkAddr: AA01CS1.SG5.TKN[2056]
        StringBinding[2]: TowerId=NCACN_IP_TCP, NetworkAddr="172.16.4.41[2056]"
            TowerId: NCACN_IP_TCP (0x0007)
            NetworkAddr: 172.16.4.41[2056]
        StringBinding[3]: TowerId=NCACN_IP_TCP, NetworkAddr="172.16.0.41[2056]"
            TowerId: NCACN_IP_TCP (0x0007)
            NetworkAddr: 172.16.0.41[2056]
        SecurityBinding[1]: AuthnSvc=0x000a, AuthzSvc=0xffff, PrincName="NT AUTHORITY\SYSTEM"
            AuthnSvc: RPC_C_AUTH_WINNT (0x000a)
            AuthzSvc: Default (0xffff)
            PrincName: NT AUTHORITY\SYSTEM
        SecurityBinding[2]: AuthnSvc=0x0010, AuthzSvc=0xffff, PrincName="SG5\AA01CS1$"
            AuthnSvc: RPC_C_AUTHN_GSS_KERBEROS (0x0010)
            AuthzSvc: Default (0xffff)
            PrincName: SG5\AA01CS1$
        SecurityBinding[3]: AuthnSvc=0x0009, AuthzSvc=0xffff, PrincName="SG5\AA01CS1$"
            AuthnSvc: RPC_C_AUTHN_GSS_NEGOTIATE (0x0009)
            AuthzSvc: Default (0xffff)
            PrincName: SG5\AA01CS1$
        SecurityBinding[4]: AuthnSvc=0x0011, AuthzSvc=0xffff, PrincName="NT AUTHORITY\SYSTEM"
            AuthnSvc: RPC_C_AUTHN_MSN (0x0011)
            AuthzSvc: Default (0xffff)
            PrincName: NT AUTHORITY\SYSTEM
        SecurityBinding[5]: AuthnSvc=0x0012, AuthzSvc=0xffff, PrincName="NT AUTHORITY\SYSTEM"
            AuthnSvc: RPC_C_AUTHN_DPA (0x0012)
            AuthzSvc: Default (0xffff)
            PrincName: NT AUTHORITY\SYSTEM
    IPID: 0000ac03-04e4-05a8-b902-67d5d342cb6c
    AuthnHint: 4
    VersionMajor: 5
    VersionMinor: 6
    HResult: S_OK (0x00000000)
    InterfaceData
        CntData: 194
        OBJREF
            Signature: MEOW (0x574f454d)
            Flags: OBJREF_STANDARD (0x00000001)
            IID: IUnknown (00000000-0000-0000-c000-000000000046)
            STDOBJREF: PublicRefs=5 IPID=00019422-04e4-05a8-a9c8-b5a439c204f8
                Flags: SORF_NULL (0x00000000)
                PublicRefs: 0x00000005
                OXID: 0x3e0ebd51000001ab
                OID: 0x3f0418a600005909
                IPID: 00019422-04e4-05a8-a9c8-b5a439c204f8
            ResolverAddress: STRINGBINDINGs=3, SECURITYBINDINGs=6
                NumEntries: 63
                SecurityOffset: 44
                StringBinding[1]: TowerId=NCACN_IP_TCP, NetworkAddr="AA01CS1.SG5.TKN"
                    TowerId: NCACN_IP_TCP (0x0007)
                    NetworkAddr: AA01CS1.SG5.TKN
                StringBinding[2]: TowerId=NCACN_IP_TCP, NetworkAddr="172.16.4.41"
                    TowerId: NCACN_IP_TCP (0x0007)
                    NetworkAddr: 172.16.4.41
                StringBinding[3]: TowerId=NCACN_IP_TCP, NetworkAddr="172.16.0.41"
                    TowerId: NCACN_IP_TCP (0x0007)
                    NetworkAddr: 172.16.0.41
                        [Expert Info (Note/Undecoded): DUALSTRINGARRAY: multiple IP's 172.16.4.41 172.16.0.41]
                            [Message: DUALSTRINGARRAY: multiple IP's 172.16.4.41 172.16.0.41]
                            [Severity level: Note]
                            [Group: Undecoded]
                SecurityBinding[1]: AuthnSvc=0x0009, AuthzSvc=0xffff, PrincName=""
                    AuthnSvc: RPC_C_AUTHN_GSS_NEGOTIATE (0x0009)
                    AuthzSvc: Default (0xffff)
                    PrincName:
                SecurityBinding[2]: AuthnSvc=0x0010, AuthzSvc=0xffff, PrincName=""
                    AuthnSvc: RPC_C_AUTHN_GSS_KERBEROS (0x0010)
                    AuthzSvc: Default (0xffff)
                    PrincName:
                SecurityBinding[3]: AuthnSvc=0x000a, AuthzSvc=0xffff, PrincName=""
                    AuthnSvc: RPC_C_AUTH_WINNT (0x000a)
                    AuthzSvc: Default (0xffff)
                    PrincName:
                SecurityBinding[4]: AuthnSvc=0x000e, AuthzSvc=0xffff, PrincName=""
                    AuthnSvc: RPC_C_AUTHN_GSS_SCHANNEL (0x000e)
                    AuthzSvc: Default (0xffff)
                    PrincName:
                SecurityBinding[5]: AuthnSvc=0x0011, AuthzSvc=0xffff, PrincName=""
                    AuthnSvc: RPC_C_AUTHN_MSN (0x0011)
                    AuthzSvc: Default (0xffff)
                    PrincName:
                SecurityBinding[6]: AuthnSvc=0x0012, AuthzSvc=0xffff, PrincName=""
                    AuthnSvc: RPC_C_AUTHN_DPA (0x0012)
                    AuthzSvc: Default (0xffff)
                    PrincName:
    HResult[1]: S_OK (0x00000000)
    HResult[2]: E_NOINTERFACE (0x80004002)
        [Expert Info (Note/Response): Hresult: E_NOINTERFACE]
            [Message: Hresult: E_NOINTERFACE]
            [Severity level: Note]
            [Group: Response]
    HResult: S_OK (0x00000000)

No. Time Source Destination Protocol Length Info

57 4.655010000 172.16.0.83 172.16.0.41 TCP 54 compaq-wcp > epmap [ACK] Seq=560 Ack=919 Win=64617 Len=0

Frame 57: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.325501000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.325501000 seconds
    [Time delta from previous captured frame: 0.064850000 seconds]
    [Time delta from previous displayed frame: 0.166223000 seconds]
    [Time since reference or first frame: 4.655010000 seconds]
    Frame Number: 57
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)

[Frame is marked: False]
[Frame is ignored: False]

    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]

Total Length: 40
Identification: 0xcac6 (51910)

Header checksum: 0xd76c [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: compaq-wcp (2555), Dst Port: epmap (135), Seq: 560, Ack: 919, Len: 0
    Source port: compaq-wcp (2555)
    Destination port: epmap (135)
    [Stream index: 0]
    Sequence number: 560    (relative sequence number)
    Acknowledgment number: 919    (relative ack number)
    Header length: 20 bytes
    Flags: 0x010 (ACK)

.... .... 0... = Push: Not set

        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set

Window size value: 64617
[Calculated window size: 64617]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xbe17 [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[This is an ACK to the segment in frame: 53]
[The RTT to ACK the segment was: 0.166223000 seconds]

No. Time Source Destination Protocol Length Info

58 4.667943000 172.16.0.83 172.16.0.41 TCP 54 compaq-wcp > epmap [FIN, ACK] Seq=560 Ack=919 Win=64617 Len=0

Frame 58: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.338434000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.338434000 seconds
    [Time delta from previous captured frame: 0.012933000 seconds]
    [Time delta from previous displayed frame: 0.012933000 seconds]
    [Time since reference or first frame: 4.667943000 seconds]
    Frame Number: 58
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)

[Frame is marked: False]
[Frame is ignored: False]

    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: TCP SYN/FIN]
    [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]

Total Length: 40
Identification: 0xcac7 (51911)

Header checksum: 0xd76b [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

.... .... 0... = Push: Not set

.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set

        .... .... ...1 = Fin: Set
            [Expert Info (Chat/Sequence): Connection finish (FIN)]
                [Message: Connection finish (FIN)]
                [Severity level: Chat]
                [Group: Sequence]
    Window size value: 64617
    [Calculated window size: 64617]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xbe16 [validation disabled]

[Good Checksum: False]
[Bad Checksum: False]

No. Time Source Destination Protocol Length Info

59 4.668065000 172.16.0.41 172.16.0.83 TCP 60 epmap > compaq-wcp [ACK] Seq=919 Ack=561 Win=63681 Len=0

Frame 59: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.338556000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.338556000 seconds
    [Time delta from previous captured frame: 0.000122000 seconds]
    [Time delta from previous displayed frame: 0.000122000 seconds]
    [Time since reference or first frame: 4.668065000 seconds]
    Frame Number: 59
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)

[Frame is marked: False]
[Frame is ignored: False]

Source: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)

Type: IP (0x0800)
Padding: 020405b40101
Internet Protocol Version 4, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)

Total Length: 40
Identification: 0x9aa4 (39588)

    Header checksum: 0x078f [correct]
        [Good: True]
        [Bad: False]
    Source: 172.16.0.41 (172.16.0.41)
    Destination: 172.16.0.83 (172.16.0.83)

[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: epmap (135), Dst Port: compaq-wcp (2555), Seq: 919, Ack: 561, Len: 0
    Source port: epmap (135)
    Destination port: compaq-wcp (2555)
    [Stream index: 0]
    Sequence number: 919    (relative sequence number)
    Acknowledgment number: 561    (relative ack number)
    Header length: 20 bytes
    Flags: 0x010 (ACK)

.... .... 0... = Push: Not set

        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set

Window size value: 63681
[Calculated window size: 63681]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xc1be [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[This is an ACK to the segment in frame: 58]
[The RTT to ACK the segment was: 0.000122000 seconds]

No. Time Source Destination Protocol Length Info

60 4.668109000 172.16.0.41 172.16.0.83 TCP 60 epmap > compaq-wcp [FIN, ACK] Seq=919 Ack=561 Win=63681 Len=0

Frame 60: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.338600000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.338600000 seconds
    [Time delta from previous captured frame: 0.000044000 seconds]
    [Time delta from previous displayed frame: 0.000044000 seconds]
    [Time since reference or first frame: 4.668109000 seconds]
    Frame Number: 60
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)

[Frame is marked: False]
[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp]
Ethernet II, Src: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: Asiarock_34:82:68 (00:0b:6a:34:82:68)
Destination: Asiarock_34:82:68 (00:0b:6a:34:82:68)

Source: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)

Type: IP (0x0800)
Padding: 020405b40101
Internet Protocol Version 4, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)

Total Length: 40
Identification: 0x9aa5 (39589)

    Header checksum: 0x078e [correct]
        [Good: True]
        [Bad: False]
    Source: 172.16.0.41 (172.16.0.41)
    Destination: 172.16.0.83 (172.16.0.83)

[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]

.... .... 0... = Push: Not set

.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xc1bd [validation disabled]

[Good Checksum: False]
[Bad Checksum: False]

No. Time Source Destination Protocol Length Info

61 4.668122000 172.16.0.83 172.16.0.41 TCP 54 compaq-wcp > epmap [ACK] Seq=561 Ack=920 Win=64617 Len=0

Frame 61: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.338613000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.338613000 seconds
    [Time delta from previous captured frame: 0.000013000 seconds]
    [Time delta from previous displayed frame: 0.000013000 seconds]
    [Time since reference or first frame: 4.668122000 seconds]
    Frame Number: 61
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)

[Frame is marked: False]
[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp]

Total Length: 40
Identification: 0xcac8 (51912)

Header checksum: 0xd76a [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: compaq-wcp (2555), Dst Port: epmap (135), Seq: 561, Ack: 920, Len: 0
    Source port: compaq-wcp (2555)
    Destination port: epmap (135)
    [Stream index: 0]
    Sequence number: 561    (relative sequence number)
    Acknowledgment number: 920    (relative ack number)
    Header length: 20 bytes
    Flags: 0x010 (ACK)

.... .... 0... = Push: Not set

        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set

Window size value: 64617
[Calculated window size: 64617]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xbe15 [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[This is an ACK to the segment in frame: 60]
[The RTT to ACK the segment was: 0.000013000 seconds]

No. Time Source Destination Protocol Length Info

62 4.700189000 172.16.0.83 172.16.0.41 TCP 62 nicetec-nmsvc > omnisky [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

Frame 62: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.370680000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.370680000 seconds
    [Time delta from previous captured frame: 0.032067000 seconds]
    [Time delta from previous displayed frame: 0.032067000 seconds]
    [Time since reference or first frame: 4.700189000 seconds]
    Frame Number: 62
    Frame Length: 62 bytes (496 bits)
    Capture Length: 62 bytes (496 bits)

[Frame is marked: False]
[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp]

Total Length: 48
Identification: 0xcac9 (51913)

Header checksum: 0xd761 [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: nicetec-nmsvc (2556), Dst Port: omnisky (2056), Seq: 0, Len: 0
    Source port: nicetec-nmsvc (2556)
    Destination port: omnisky (2056)
    [Stream index: 1]
    Sequence number: 0    (relative sequence number)
    Header length: 28 bytes
    Flags: 0x002 (SYN)

.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set

.... .... .0.. = Reset: Not set

        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port omnisky]
                [Message: Connection establish request (SYN): server port omnisky]
                [Severity level: Chat]
                [Group: Sequence]

.... .... ...0 = Fin: Not set

    Window size value: 65535
    [Calculated window size: 65535]
    Checksum: 0xded1 [validation disabled]

[Good Checksum: False]
[Bad Checksum: False]

No. Time Source Destination Protocol Length Info

63 4.700314000 172.16.0.41 172.16.0.83 TCP 62 omnisky > nicetec-nmsvc [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 SACK_PERM=1

Frame 63: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.370805000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.370805000 seconds
    [Time delta from previous captured frame: 0.000125000 seconds]
    [Time delta from previous displayed frame: 0.000125000 seconds]
    [Time since reference or first frame: 4.700314000 seconds]
    Frame Number: 63
    Frame Length: 62 bytes (496 bits)
    Capture Length: 62 bytes (496 bits)

[Frame is marked: False]
[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp]
Ethernet II, Src: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: Asiarock_34:82:68 (00:0b:6a:34:82:68)
Destination: Asiarock_34:82:68 (00:0b:6a:34:82:68)

Source: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)

Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)

Total Length: 48
Identification: 0x9aaa (39594)

    Header checksum: 0x0781 [correct]
        [Good: True]
        [Bad: False]
    Source: 172.16.0.41 (172.16.0.41)
    Destination: 172.16.0.83 (172.16.0.83)

[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: omnisky (2056), Dst Port: nicetec-nmsvc (2556), Seq: 0, Ack: 1, Len: 0
    Source port: omnisky (2056)
    Destination port: nicetec-nmsvc (2556)
    [Stream index: 1]
    Sequence number: 0    (relative sequence number)
    Acknowledgment number: 1    (relative ack number)
    Header length: 28 bytes
    Flags: 0x012 (SYN, ACK)

.... .... 0... = Push: Not set

.... .... .0.. = Reset: Not set

        .... .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port omnisky]
                [Message: Connection establish acknowledge (SYN+ACK): server port omnisky]
                [Severity level: Chat]
                [Group: Sequence]

.... .... ...0 = Fin: Not set

    Window size value: 64240
    [Calculated window size: 64240]
    Checksum: 0x040e [validation disabled]

[Good Checksum: False]
[Bad Checksum: False]

No. Time Source Destination Protocol Length Info

64 4.700341000 172.16.0.83 172.16.0.41 TCP 54 nicetec-nmsvc > omnisky [ACK] Seq=1 Ack=1 Win=65535 Len=0

Frame 64: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.370832000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.370832000 seconds
    [Time delta from previous captured frame: 0.000027000 seconds]
    [Time delta from previous displayed frame: 0.000027000 seconds]
    [Time since reference or first frame: 4.700341000 seconds]
    Frame Number: 64
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)

[Frame is marked: False]
[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp]

Total Length: 40
Identification: 0xcaca (51914)

Header checksum: 0xd768 [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: nicetec-nmsvc (2556), Dst Port: omnisky (2056), Seq: 1, Ack: 1, Len: 0
    Source port: nicetec-nmsvc (2556)
    Destination port: omnisky (2056)
    [Stream index: 1]
    Sequence number: 1    (relative sequence number)
    Acknowledgment number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x010 (ACK)

.... .... 0... = Push: Not set

        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set

Window size value: 65535
[Calculated window size: 65535]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x2bc3 [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[This is an ACK to the segment in frame: 63]
[The RTT to ACK the segment was: 0.000027000 seconds]

No. Time Source Destination Protocol Length Info

65 4.702552000 172.16.0.83 172.16.0.41 DCERPC 185 Bind: call_id: 0 Fragment: Single, 1 context items: IRemUnknown2 V0.0 (32bit NDR), NTLMSSP_NEGOTIATE

Frame 65: 185 bytes on wire (1480 bits), 185 bytes captured (1480 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.373043000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.373043000 seconds
    [Time delta from previous captured frame: 0.002211000 seconds]
    [Time delta from previous displayed frame: 0.002211000 seconds]
    [Time since reference or first frame: 4.702552000 seconds]
    Frame Number: 65
    Frame Length: 185 bytes (1480 bits)
    Capture Length: 185 bytes (1480 bits)

    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:dcerpc]

Total Length: 171
Identification: 0xcacb (51915)

Header checksum: 0xd6e4 [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: nicetec-nmsvc (2556), Dst Port: omnisky (2056), Seq: 1, Ack: 1, Len: 131
    Source port: nicetec-nmsvc (2556)
    Destination port: omnisky (2056)
    [Stream index: 1]
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 132    (relative sequence number)]
    Acknowledgment number: 1    (relative ack number)

Window size value: 65535
[Calculated window size: 65535]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x380c [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[Bytes in flight: 131]
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind, Fragment: Single, FragLen: 131, Call: 0

Version: 5
Version (minor): 0

Packet type: Bind (11)

    Frag Length: 131
    Auth Length: 51
    Call ID: 0
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x00000000
    Num Ctx Items: 1
    Ctx Item[1]: ID:0
        Context ID: 0
        Num Trans Items: 1
        Abstract Syntax: IRemUnknown2 V0.0
            Interface: IRemUnknown2 UUID: 00000143-0000-0000-c000-000000000046
            Interface Ver: 0
            Interface Ver Minor: 0
        Transfer Syntax[1]: 32bit NDR V2
            Transport Syntax: 32bit NDR UUID:8a885d04-1ceb-11c9-9fe8-08002b104860
            ver: 2

    Auth type: NTLMSSP (10)
    Auth level: Connect (2)
    Auth pad len: 0
    Auth Rsrvd: 0

Auth Context ID: 2

NTLM Secure Service Provider
NTLMSSP identifier: NTLMSSP

NTLM Message Type: NTLMSSP_NEGOTIATE (0x00000001)
Flags: 0xa008b207

.... .... 0... .... .... .... .... .... = Negotiate Target Info: Not set

.... .... .... ...0 .... .... .... .... = Target Type Domain: Not set

.... .... .... .... 1... .... .... .... = Negotiate Always Sign: Set
.... .... .... .... .0.. .... .... .... = Negotiate 0x00004000: Not set

.... .... .... .... ..1. .... .... .... = Negotiate OEM Workstation Supplied: Set
.... .... .... .... ...1 .... .... .... = Negotiate OEM Domain Supplied: Set

.... .... .... .... .... .... .... ..1. = Negotiate OEM: Set

.... .... .... .... .... .... .... ...1 = Negotiate UNICODE: Set

No. Time Source Destination Protocol Length Info

66 4.702913000 172.16.0.41 172.16.0.83 DCERPC 260 Bind_ack: call_id: 0 Fragment: Single, max_xmit: 4280 max_recv: 4280, 1 results: Acceptance, NTLMSSP_CHALLENGE

Frame 66: 260 bytes on wire (2080 bits), 260 bytes captured (2080 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.373404000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.373404000 seconds
    [Time delta from previous captured frame: 0.000361000 seconds]
    [Time delta from previous displayed frame: 0.000361000 seconds]
    [Time since reference or first frame: 4.702913000 seconds]
    Frame Number: 66
    Frame Length: 260 bytes (2080 bits)
    Capture Length: 260 bytes (2080 bits)

    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:dcerpc]

Ethernet II, Src: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: Asiarock_34:82:68 (00:0b:6a:34:82:68)
Destination: Asiarock_34:82:68 (00:0b:6a:34:82:68)

Source: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)

Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)

Total Length: 246
Identification: 0x9aab (39595)

    Header checksum: 0x06ba [correct]
        [Good: True]
        [Bad: False]
    Source: 172.16.0.41 (172.16.0.41)
    Destination: 172.16.0.83 (172.16.0.83)

[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: omnisky (2056), Dst Port: nicetec-nmsvc (2556), Seq: 1, Ack: 132, Len: 206
    Source port: omnisky (2056)
    Destination port: nicetec-nmsvc (2556)
    [Stream index: 1]
    Sequence number: 1    (relative sequence number)
    [Next sequence number: 207    (relative sequence number)]
    Acknowledgment number: 132    (relative ack number)

Window size value: 64109
[Calculated window size: 64109]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x464a [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

        [This is an ACK to the segment in frame: 65]
        [The RTT to ACK the segment was: 0.000361000 seconds]
        [Bytes in flight: 206]
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Bind_ack, Fragment: Single, FragLen: 206, Call: 0

Version: 5
Version (minor): 0

Packet type: Bind_ack (12)

    Frag Length: 206
    Auth Length: 138
    Call ID: 0
    Max Xmit Frag: 4280
    Max Recv Frag: 4280
    Assoc Group: 0x000123c2
    Scndry Addr len: 5
    Scndry Addr: 2056
    Num results: 1
    Context ID[1]
        Ack result: Acceptance (0)
        Transfer Syntax: 32bit NDR
        Syntax ver: 2

    Auth type: NTLMSSP (10)
    Auth level: Connect (2)
    Auth pad len: 0
    Auth Rsrvd: 0

Auth Context ID: 2

NTLM Secure Service Provider
NTLMSSP identifier: NTLMSSP

        NTLM Message Type: NTLMSSP_CHALLENGE (0x00000002)
        Target Name: SG5
            Length: 6
            Maxlen: 6
            Offset: 48

        NTLM Server Challenge: 383f8c84bf6cba3d
        Reserved: 0000000000000000
        Target Info
            Length: 84
            Maxlen: 84
            Offset: 54
            Attribute: NetBIOS domain name: SG5
                Target Info Item Type: NetBIOS domain name (0x0002)
                Target Info Item Length: 6
                NetBIOS Domain Name: SG5
            Attribute: NetBIOS computer name: AA01CS1
                Target Info Item Type: NetBIOS computer name (0x0001)
                Target Info Item Length: 14
                NetBIOS Computer Name: AA01CS1
            Attribute: DNS domain name: SG5.TKN
                Target Info Item Type: DNS domain name (0x0004)
                Target Info Item Length: 14
                DNS Domain Name: SG5.TKN
            Attribute: DNS computer name: AA01CS1.SG5.TKN
                Target Info Item Type: DNS computer name (0x0003)
                Target Info Item Length: 30
                DNS Computer Name: AA01CS1.SG5.TKN
            Attribute: End of list
                Target Info Item Type: End of list (0x0000)
                Target Info Item Length: 0

No. Time Source Destination Protocol Length Info

67 4.709714000 172.16.0.83 172.16.0.41 DCERPC 258 AUTH3: call_id: 0 Fragment: Single, NTLMSSP_AUTH, User: SG5.TKN\Administrator

Frame 67: 258 bytes on wire (2064 bits), 258 bytes captured (2064 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.380205000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.380205000 seconds
    [Time delta from previous captured frame: 0.006801000 seconds]
    [Time delta from previous displayed frame: 0.006801000 seconds]
    [Time since reference or first frame: 4.709714000 seconds]
    Frame Number: 67

    Frame Length: 258 bytes (2064 bits)
    Capture Length: 258 bytes (2064 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:dcerpc]

Identification: 0xcacc (51916)

Header checksum: 0xd69a [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: nicetec-nmsvc (2556), Dst Port: omnisky (2056), Seq: 132, Ack: 207, Len: 204
Source port: nicetec-nmsvc (2556)
Destination port: omnisky (2056)

    [Stream index: 1]
    Sequence number: 132    (relative sequence number)
    [Next sequence number: 336    (relative sequence number)]
    Acknowledgment number: 207    (relative ack number)
    Header length: 20 bytes
    Flags: 0x018 (PSH, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 1... = Push: Set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
    Window size value: 65329
    [Calculated window size: 65329]
    [Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x89ff [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[This is an ACK to the segment in frame: 66]
[The RTT to ACK the segment was: 0.006801000 seconds]

Auth Context ID: 2

    NTLM Secure Service Provider
        NTLMSSP identifier: NTLMSSP
        NTLM Message Type: NTLMSSP_AUTH (0x00000003)

Lan Manager Response: dadb9f77eb4f119500000000000000000000000000000000

            Length: 24
            Maxlen: 24
            Offset: 64

NTLM Client Challenge: dadb9f77eb4f1195
NTLM Response: 4571fa79a8a3257d4e631267dc63b3907fe9552e493114f4

Host name: JCIFS0_83_27

No. Time Source Destination Protocol Length Info

69 4.848411000 172.16.0.41 172.16.0.83 TCP 60 omnisky > nicetec-nmsvc [ACK] Seq=207 Ack=336 Win=63905 Len=0

Frame 69: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.518902000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.518902000 seconds
    [Time delta from previous captured frame: 0.001092000 seconds]
    [Time delta from previous displayed frame: 0.138697000 seconds]
    [Time since reference or first frame: 4.848411000 seconds]
    Frame Number: 69
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)

[Frame is marked: False]
[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp]
Ethernet II, Src: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: Asiarock_34:82:68 (00:0b:6a:34:82:68)
Destination: Asiarock_34:82:68 (00:0b:6a:34:82:68)

Source: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)

Type: IP (0x0800)
Padding: 020405b40101
Internet Protocol Version 4, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)

Total Length: 40
Identification: 0x9ab8 (39608)

    Header checksum: 0x077b [correct]
        [Good: True]
        [Bad: False]
    Source: 172.16.0.41 (172.16.0.41)
    Destination: 172.16.0.83 (172.16.0.83)

[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: omnisky (2056), Dst Port: nicetec-nmsvc (2556), Seq: 207, Ack: 336, Len: 0
    Source port: omnisky (2056)
    Destination port: nicetec-nmsvc (2556)
    [Stream index: 1]
    Sequence number: 207    (relative sequence number)
    Acknowledgment number: 336    (relative ack number)
    Header length: 20 bytes
    Flags: 0x010 (ACK)

.... .... 0... = Push: Not set

        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set

Window size value: 63905
[Calculated window size: 63905]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x3004 [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[This is an ACK to the segment in frame: 67]
[The RTT to ACK the segment was: 0.138697000 seconds]

No. Time Source Destination Protocol Length Info

70 4.848485000 172.16.0.83 172.16.0.41 IRemUnknown2 174 RemAddRef request

Frame 70: 174 bytes on wire (1392 bits), 174 bytes captured (1392 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.518976000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.518976000 seconds
    [Time delta from previous captured frame: 0.000074000 seconds]
    [Time delta from previous displayed frame: 0.000074000 seconds]
    [Time since reference or first frame: 4.848485000 seconds]
    Frame Number: 70
    Frame Length: 174 bytes (1392 bits)
    Capture Length: 174 bytes (1392 bits)

    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:dcerpc]

Total Length: 160
Identification: 0xcacd (51917)

Header checksum: 0xd6ed [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: nicetec-nmsvc (2556), Dst Port: omnisky (2056), Seq: 336, Ack: 207, Len: 120
    Source port: nicetec-nmsvc (2556)
    Destination port: omnisky (2056)
    [Stream index: 1]
    Sequence number: 336    (relative sequence number)
    [Next sequence number: 456    (relative sequence number)]

Checksum: 0x8cf3 [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[Bytes in flight: 120]
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 120, Call: 1 Ctx: 0, [Resp: #71]

Version: 5
Version (minor): 0

    Packet type: Request (0)
    Packet Flags: 0x83
        1... .... = Object: Set

        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)

    Frag Length: 120
    Auth Length: 0
    Call ID: 1
    Alloc hint: 80
    Context ID: 0
    Opnum: 4
    Object UUID: 0000ac03-04e4-05a8-b902-67d5d342cb6c
    [Response in frame: 71]
IRemUnknown2, RemAddRef
    Operation: RemAddRef (4)
    [Response in frame: 71]
    Stub data (80 bytes)

No. Time Source Destination Protocol Length Info

71 4.850448000 172.16.0.41 172.16.0.83 IRemUnknown2 134 RemAddRef response

Frame 71: 134 bytes on wire (1072 bits), 134 bytes captured (1072 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.520939000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.520939000 seconds
    [Time delta from previous captured frame: 0.001963000 seconds]
    [Time delta from previous displayed frame: 0.001963000 seconds]
    [Time since reference or first frame: 4.850448000 seconds]
    Frame Number: 71
    Frame Length: 134 bytes (1072 bits)
    Capture Length: 134 bytes (1072 bits)

    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:dcerpc]

Ethernet II, Src: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: Asiarock_34:82:68 (00:0b:6a:34:82:68)
Destination: Asiarock_34:82:68 (00:0b:6a:34:82:68)

Source: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)

Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)

Total Length: 120
Identification: 0x9ab9 (39609)

    Header checksum: 0x072a [correct]
        [Good: True]
        [Bad: False]
    Source: 172.16.0.41 (172.16.0.41)
    Destination: 172.16.0.83 (172.16.0.83)

[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: omnisky (2056), Dst Port: nicetec-nmsvc (2556), Seq: 207, Ack: 456, Len: 80
    Source port: omnisky (2056)
    Destination port: nicetec-nmsvc (2556)
    [Stream index: 1]
    Sequence number: 207    (relative sequence number)
    [Next sequence number: 287    (relative sequence number)]
    Acknowledgment number: 456    (relative ack number)

Window size value: 63785
[Calculated window size: 63785]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0xaaee [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

        [This is an ACK to the segment in frame: 70]
        [The RTT to ACK the segment was: 0.001963000 seconds]
        [Bytes in flight: 80]
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 80, Call: 1 Ctx: 0, [Req: #70]

Version: 5
Version (minor): 0

Packet type: Response (2)

    Frag Length: 80
    Auth Length: 16
    Call ID: 1
    Alloc hint: 20
    Context ID: 0
    Cancel count: 0

Auth type: NTLMSSP (10)
Auth level: Connect (2)

    Auth pad len: 12
    Auth Rsrvd: 0
    Auth Context ID: 2
    Opnum: 4
    [Object UUID: 0000ac03-04e4-05a8-b902-67d5d342cb6c]
    [Request in frame: 70]
    [Time from request: 0.001963000 seconds]
    NTLMSSP Verifier
        Version Number: 1
        Verifier Body: 000000000000000000000000
IRemUnknown2, RemAddRef
    Operation: RemAddRef (4)
    [Request in frame: 70]
    Stub data (20 bytes)
    Auth Padding (12 bytes)

No. Time Source Destination Protocol Length Info

72 4.881006000 172.16.0.83 172.16.0.41 IRemUnknown2 174 RemRelease request Cnt=1 Refs=10-0[Long frame (16 bytes)]

Frame 72: 174 bytes on wire (1392 bits), 174 bytes captured (1392 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.551497000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.551497000 seconds
    [Time delta from previous captured frame: 0.030558000 seconds]
    [Time delta from previous displayed frame: 0.030558000 seconds]
    [Time since reference or first frame: 4.881006000 seconds]
    Frame Number: 72
    Frame Length: 174 bytes (1392 bits)
    Capture Length: 174 bytes (1392 bits)

    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:dcerpc]

Total Length: 160
Identification: 0xcace (51918)

Header checksum: 0xd6ec [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: nicetec-nmsvc (2556), Dst Port: omnisky (2056), Seq: 456, Ack: 287, Len: 120
    Source port: nicetec-nmsvc (2556)
    Destination port: omnisky (2056)
    [Stream index: 1]
    Sequence number: 456    (relative sequence number)
    [Next sequence number: 576    (relative sequence number)]
    Acknowledgment number: 287    (relative ack number)

Window size value: 65249
[Calculated window size: 65249]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x8597 [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

        [This is an ACK to the segment in frame: 71]
        [The RTT to ACK the segment was: 0.030558000 seconds]
        [Bytes in flight: 120]
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Request, Fragment: Single, FragLen: 120, Call: 2 Ctx: 0, [Resp: #73]

Version: 5
Version (minor): 0

    Packet type: Request (0)
    Packet Flags: 0x83
        1... .... = Object: Set

    Frag Length: 120
    Auth Length: 0
    Call ID: 2
    Alloc hint: 80
    Context ID: 0
    Opnum: 5
    Object UUID: 0000ac03-04e4-05a8-b902-67d5d342cb6c
    [Response in frame: 73]
IRemUnknown2, RemRelease
    Operation: RemRelease (5)
    [Response in frame: 73]
    DCOM, ORPCThis, V5.2, Causality ID: 0a3c0500-ccc4-9013-887d-9f165c087753
        VersionMajor: 5
        VersionMinor: 2
        Flags: INFO_NULL (0x00000000)
        Reserved: 0x00000000
        Causality ID: 0a3c0500-ccc4-9013-887d-9f165c087753
    [Object UUID/IPID: 0000ac03-04e4-05a8-b902-67d5d342cb6c]
    InterfaceRefs: 1
    RemInterfaceRef[1]: IPID=00019422-04e4-05a8-a9c8-b5a439c204f8, PublicRefs=10, PrivateRefs=0
        IPID: 00019422-04e4-05a8-a9c8-b5a439c204f8
        PublicRefs: 10
        PrivateRefs: 0
    [Long frame (16 bytes)]

No. Time Source Destination Protocol Length Info

73 4.881746000 172.16.0.41 172.16.0.83 IRemUnknown2 118 RemRelease response -> S_OK

Frame 73: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.552237000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.552237000 seconds
    [Time delta from previous captured frame: 0.000740000 seconds]
    [Time delta from previous displayed frame: 0.000740000 seconds]
    [Time since reference or first frame: 4.881746000 seconds]
    Frame Number: 73
    Frame Length: 118 bytes (944 bits)
    Capture Length: 118 bytes (944 bits)

    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:dcerpc]

Ethernet II, Src: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: Asiarock_34:82:68 (00:0b:6a:34:82:68)
Destination: Asiarock_34:82:68 (00:0b:6a:34:82:68)

Source: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)

Type: IP (0x0800)
Internet Protocol Version 4, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)

Total Length: 104
Identification: 0x9abc (39612)

    Header checksum: 0x0737 [correct]
        [Good: True]
        [Bad: False]
    Source: 172.16.0.41 (172.16.0.41)
    Destination: 172.16.0.83 (172.16.0.83)

[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: omnisky (2056), Dst Port: nicetec-nmsvc (2556), Seq: 287, Ack: 576, Len: 64
    Source port: omnisky (2056)
    Destination port: nicetec-nmsvc (2556)
    [Stream index: 1]
    Sequence number: 287    (relative sequence number)
    [Next sequence number: 351    (relative sequence number)]
    Acknowledgment number: 576    (relative ack number)

Window size value: 63665
[Calculated window size: 63665]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x9ce6 [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

        [This is an ACK to the segment in frame: 72]
        [The RTT to ACK the segment was: 0.000740000 seconds]
        [Bytes in flight: 64]
Distributed Computing Environment / Remote Procedure Call (DCE/RPC) Response, Fragment: Single, FragLen: 64, Call: 2 Ctx: 0, [Req: #72]

Version: 5
Version (minor): 0

Packet type: Response (2)

    Frag Length: 64
    Auth Length: 16
    Call ID: 2
    Alloc hint: 12
    Context ID: 0
    Cancel count: 0

Auth type: NTLMSSP (10)
Auth level: Connect (2)

    Auth pad len: 4
    Auth Rsrvd: 0
    Auth Context ID: 2
    Opnum: 5
    [Object UUID: 0000ac03-04e4-05a8-b902-67d5d342cb6c]
    [Request in frame: 72]
    [Time from request: 0.000740000 seconds]
    NTLMSSP Verifier
        Version Number: 1
        Verifier Body: 000000000000000000000000
IRemUnknown2, RemRelease
    Operation: RemRelease (5)
    [Request in frame: 72]
    DCOM, ORPCThat
        Flags: INFO_NULL (0x00000000)
    [Object UUID/IPID: 0000ac03-04e4-05a8-b902-67d5d342cb6c]
    HResult: S_OK (0x00000000)
    Auth Padding (4 bytes)

No. Time Source Destination Protocol Length Info

74 4.886561000 172.16.0.83 172.16.0.41 TCP 54 nicetec-nmsvc > omnisky [FIN, ACK] Seq=576 Ack=351 Win=65185 Len=0

Frame 74: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.557052000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.557052000 seconds
    [Time delta from previous captured frame: 0.004815000 seconds]
    [Time delta from previous displayed frame: 0.004815000 seconds]
    [Time since reference or first frame: 4.886561000 seconds]
    Frame Number: 74
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)

[Frame is marked: False]
[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp]

Total Length: 40
Identification: 0xcacf (51919)

Header checksum: 0xd763 [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: nicetec-nmsvc (2556), Dst Port: omnisky (2056), Seq: 576, Ack: 351, Len: 0
    Source port: nicetec-nmsvc (2556)
    Destination port: omnisky (2056)
    [Stream index: 1]
    Sequence number: 576    (relative sequence number)
    Acknowledgment number: 351    (relative ack number)
    Header length: 20 bytes
    Flags: 0x011 (FIN, ACK)

.... .... 0... = Push: Not set

.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x2983 [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[This is an ACK to the segment in frame: 73]
[The RTT to ACK the segment was: 0.004815000 seconds]

No. Time Source Destination Protocol Length Info

75 4.886681000 172.16.0.41 172.16.0.83 TCP 60 omnisky > nicetec-nmsvc [ACK] Seq=351 Ack=577 Win=63665 Len=0

Frame 75: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.557172000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.557172000 seconds
    [Time delta from previous captured frame: 0.000120000 seconds]
    [Time delta from previous displayed frame: 0.000120000 seconds]
    [Time since reference or first frame: 4.886681000 seconds]
    Frame Number: 75
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)

[Frame is marked: False]
[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp]
Ethernet II, Src: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: Asiarock_34:82:68 (00:0b:6a:34:82:68)
Destination: Asiarock_34:82:68 (00:0b:6a:34:82:68)

Source: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)

Type: IP (0x0800)
Padding: 020405b40101
Internet Protocol Version 4, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)

Total Length: 40
Identification: 0x9abd (39613)

    Header checksum: 0x0776 [correct]
        [Good: True]
        [Bad: False]
    Source: 172.16.0.41 (172.16.0.41)
    Destination: 172.16.0.83 (172.16.0.83)

[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: omnisky (2056), Dst Port: nicetec-nmsvc (2556), Seq: 351, Ack: 577, Len: 0
    Source port: omnisky (2056)
    Destination port: nicetec-nmsvc (2556)
    [Stream index: 1]
    Sequence number: 351    (relative sequence number)
    Acknowledgment number: 577    (relative ack number)
    Header length: 20 bytes
    Flags: 0x010 (ACK)

.... .... 0... = Push: Not set

        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set

Window size value: 63665
[Calculated window size: 63665]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x2f73 [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[This is an ACK to the segment in frame: 74]
[The RTT to ACK the segment was: 0.000120000 seconds]

No. Time Source Destination Protocol Length Info

76 4.886713000 172.16.0.41 172.16.0.83 TCP 60 omnisky > nicetec-nmsvc [FIN, ACK] Seq=351 Ack=577 Win=63665 Len=0

Frame 76: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.557204000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.557204000 seconds
    [Time delta from previous captured frame: 0.000032000 seconds]
    [Time delta from previous displayed frame: 0.000032000 seconds]
    [Time since reference or first frame: 4.886713000 seconds]
    Frame Number: 76
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)

[Frame is marked: False]
[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp]
Ethernet II, Src: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee), Dst: Asiarock_34:82:68 (00:0b:6a:34:82:68)
Destination: Asiarock_34:82:68 (00:0b:6a:34:82:68)

Source: Hewlett-_3c:e8:ee (00:0b:cd:3c:e8:ee)

Type: IP (0x0800)
Padding: 020405b40101
Internet Protocol Version 4, Src: 172.16.0.41 (172.16.0.41), Dst: 172.16.0.83 (172.16.0.83)

Total Length: 40
Identification: 0x9abe (39614)

    Header checksum: 0x0775 [correct]
        [Good: True]
        [Bad: False]
    Source: 172.16.0.41 (172.16.0.41)
    Destination: 172.16.0.83 (172.16.0.83)

[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]

.... .... 0... = Push: Not set

.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x2f72 [validation disabled]

[Good Checksum: False]
[Bad Checksum: False]

No. Time Source Destination Protocol Length Info

77 4.886725000 172.16.0.83 172.16.0.41 TCP 54 nicetec-nmsvc > omnisky [ACK] Seq=577 Ack=352 Win=65185 Len=0

Frame 77: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0

Interface id: 0
WTAP_ENCAP: 1

Arrival Time: Jul 2, 2013 13:31:05.557216000 Westeuropäische Sommerzeit

[Time shift for this packet: 0.000000000 seconds]

    Epoch Time: 1372764665.557216000 seconds
    [Time delta from previous captured frame: 0.000012000 seconds]
    [Time delta from previous displayed frame: 0.000012000 seconds]
    [Time since reference or first frame: 4.886725000 seconds]
    Frame Number: 77
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)

[Frame is marked: False]
[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp]

Total Length: 40
Identification: 0xcad0 (51920)

Header checksum: 0xd762 [correct]

        [Good: True]
        [Bad: False]
    Source: 172.16.0.83 (172.16.0.83)
    Destination: 172.16.0.41 (172.16.0.41)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]

Transmission Control Protocol, Src Port: nicetec-nmsvc (2556), Dst Port: omnisky (2056), Seq: 577, Ack: 352, Len: 0
    Source port: nicetec-nmsvc (2556)
    Destination port: omnisky (2056)
    [Stream index: 1]
    Sequence number: 577    (relative sequence number)
    Acknowledgment number: 352    (relative ack number)
    Header length: 20 bytes
    Flags: 0x010 (ACK)

.... .... 0... = Push: Not set

        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set

Window size value: 65185
[Calculated window size: 65185]

[Window size scaling factor: -2 (no window scaling used)]

Checksum: 0x2982 [validation disabled]

        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]

[This is an ACK to the segment in frame: 76]
[The RTT to ACK the segment was: 0.000012000 seconds]

******************************************

Date: Fri, 21 Jun 2013 18:24:50 +0200

Jens Reimann

unread,

Jul 2, 2013, 11:20:40 AM7/2/13

to open...@googlegroups.com

Hi,

If you checked out the source an built it, can you then debug into the code and check the Config class of jcifs to see if the system property is properly set to the Hostname you want.

If none is set jcifs will create one random hostname. Which might be a stupid idea, but they to it that way.

...

Josef Rick

unread,

Jul 2, 2013, 11:31:18 AM7/2/13

to open...@googlegroups.com

thx for the quick answere.

I checked out the source.
Do you know where the setting it is done?
If not, it not a problem, I'll located the class/method.

W'll let you know....

Josef

Date: Tue, 2 Jul 2013 17:20:40 +0200

Subject: RE: [openSCADA] utgard 1.0 ABB Industrial it running on win2K
From: ctro...@gmail.com
To: open...@googlegroups.com

Bernd Oels

unread,

Jul 2, 2013, 1:31:21 PM7/2/13

to open...@googlegroups.com

Hello Josef,

I think I have the same problem. A call with JCIFSxxxxxx as workstationname in my wireshark dump causes an error, so browsing with the flat browser was not possible.
I searched a few hours and could not find the right function to change. If you had more luck I would be happy if you could tell me the method to change.

Thanx a lot,

Bernd

Informatikgesellschaft für
Software-Entwicklung mbH
Schönebergstraße 15
52068 Aachen

Telefon : +49 (0) 241 96888-0
Fax : +49 (0) 241 96888-69

Internet: www.ise-online.com

Amtsgericht Aachen HR B 6044, Ust-ID: DE169963889 Geschäftsführer: Dipl. Inform. Thomas Dücker, Dipl. Inform. Frank Düren, Dipl. Inform. Peter Velroyen

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden

Jens Reimann

unread,

Jul 3, 2013, 3:30:46 AM7/3/13

to open...@googlegroups.com

Hi,

the class is called "jcifs.Config". The parameters are loaded in the static initializer code block. This should also show some option on how to display the configuration of JCIFS.

Josef Rick

unread,

Jul 3, 2013, 11:30:57 AM7/3/13

to open...@googlegroups.com

Hi,

yes it is one problem.
The protie files is not read.
For testing i set the hostname by setProperty. And it works.
But I'm not able to connect still.
But, I can see the reason.
the clsid should be right. I checked once more. I used jenson opc client as the matrikon client.

So please have alook to the output:

tahnks for answeres.

Josef

output:
************************

31 [main] INFO org.openscada.opc.lib.da.Server - Socket timeout: 0

Jul 03, 2013 1:26:36 PM org.jinterop.dcom.common.JISystem logSystemPropertiesAndVersion

INFO: j-Interop Version = j-Interop 2.08

Jul 03, 2013 1:26:36 PM org.jinterop.dcom.common.JISystem logSystemPropertiesAndVersion

java.class.path = C:\Java\OPCK\opck\bin;C:\tmp\opctest\j-interop.jar;C:\tmp\opctest\jcifs-1.2.25.jar;C:\tmp\opctest\j-interopdeps.jar;C:\tmp\opctest\junit-3.8.1.jar;C:\tmp\opctest\slf4j-api-1.6.99.jar;C:\tmp\opctest\slf4j-simple-1.6.99.jar;C:\Java\OPCK\opck\src\lib\opcdcom.jar;C:\Java\OPCK\opck\src\lib\opclib.jar;C:\Java\OPCK\opck\org.openscada.opc.dcom.source_1.0.0.201303061314.jar;C:\Java\OPCK\opck\org.openscada.opc.lib.source_1.0.0.201303061314.jar

user.name = Administrator
java.vm.specification.version = 1.7

sun.java.command = testing.UtgardTutorial2 -Djcifs.properties=c:\tmp\opctest\opck.prp

java.home = C:\Programme\Java\jre7
sun.arch.data.model = 32
user.language = de
java.specification.vendor = Oracle Corporation
awt.toolkit = sun.awt.windows.WToolkit
java.vm.info = mixed mode, sharing
java.version = 1.7.0_17
java.ext.dirs = C:\Programme\Java\jre7\lib\ext;C:\WINDOWS.0\Sun\Java\lib\ext
sun.boot.class.path = C:\Programme\Java\jre7\lib\resources.jar;C:\Programme\Java\jre7\lib\rt.jar;C:\Programme\Java\jre7\lib\sunrsasign.jar;C:\Programme\Java\jre7\lib\jsse.jar;C:\Programme\Java\jre7\lib\jce.jar;C:\Programme\Java\jre7\lib\charsets.jar;C:\Programme\Java\jre7\lib\jfr.jar;C:\Programme\Java\jre7\classes
java.vendor = Oracle Corporation
file.separator = \
java.vendor.url.bug = http://bugreport.sun.com/bugreport/
sun.io.unicode.encoding = UnicodeLittle
sun.cpu.endian = little
sun.desktop = windows
sun.cpu.isalist = pentium_pro+mmx pentium_pro pentium+mmx pentium i486 i386 i86

Jul 03, 2013 1:26:36 PM org.jinterop.dcom.core.JISession createSession
INFO: Created Session: 993175446
Jul 03, 2013 1:26:36 PM org.jinterop.dcom.core.JIComOxidRuntime$ClientPingTimerTask run
INFO: Running ClientPingTimerTask !
Jul 03, 2013 1:26:36 PM org.jinterop.dcom.core.JIComOxidRuntime$ServerPingTimerTask run
INFO: Running ServerPingTimerTask !
Jul 03, 2013 1:26:36 PM org.jinterop.dcom.common.JISystem internal_dumpMap
INFO: mapOfHostnamesVsIPs: {}
Jul 03, 2013 1:26:36 PM rpc.DefaultConnection processOutgoing
INFO:
Sending BIND
Jul 03, 2013 1:26:36 PM rpc.DefaultConnection processIncoming
INFO:
Recieved BIND_ACK
Jul 03, 2013 1:26:36 PM rpc.DefaultConnection processOutgoing
INFO:
Sending AUTH3
Jul 03, 2013 1:26:36 PM rpc.DefaultConnection processOutgoing
INFO:
Sending ALTER_CTX
Jul 03, 2013 1:26:36 PM rpc.DefaultConnection processIncoming
INFO:
Recieved ALTER_CTX_RESP
java.runtime.name=Java(TM) SE Runtime Environment
sun.boot.library.path=C:\Programme\Java\jre7\bin
java.vm.version=23.7-b01
java.vm.vendor=Oracle Corporation
java.vendor.url=http://java.oracle.com/
path.separator=;
java.vm.name=Java HotSpot(TM) Client VM
file.encoding.pkg=sun.io
user.script=
user.country=DE
sun.java.launcher=SUN_STANDARD
sun.os.patch.level=Service Pack 3
java.vm.specification.name=Java Virtual Machine Specification
user.dir=C:\Java\OPCK\opck
java.runtime.version=1.7.0_17-b02
java.awt.graphicsenv=sun.awt.Win32GraphicsEnvironment
java.endorsed.dirs=C:\Programme\Java\jre7\lib\endorsed

os.arch=x86
java.io.tmpdir=C:\DOKUME~1\ADMINI~1.SG5\LOKALE~1\Temp\
line.separator=

java.vm.specification.vendor=Oracle Corporation
user.variant=
os.name=Windows XP
sun.jnu.encoding=Cp1252

java.library.path=C:\Programme\Java\jre7\bin;C:\WINDOWS.0\Sun\Java\bin;C:\WINDOWS.0\system32;C:\WINDOWS.0;C:/Programme/Java/jre7/bin/client;C:/Programme/Java/jre7/bin;C:/Programme/Java/jre7/lib/i386;C:\WINDOWS.0\system32;C:\WINDOWS.0;C:\WINDOWS.0\System32\Wbem;C:\Programme\IDM Computer Solutions\UltraEdit-32;C:\Java\eclipse;;.

java.specification.name=Java Platform API Specification
java.class.version=51.0
sun.management.compiler=HotSpot Client Compiler
os.version=5.1
user.home=C:\Dokumente und Einstellungen\Administrator.SG5
user.timezone=

java.awt.printerjob=sun.awt.windows.WPrinterJob
file.encoding=Cp1252
java.specification.version=1.7
user.name=Administrator
java.class.path=C:\Java\OPCK\opck\bin;C:\tmp\opctest\j-interop.jar;C:\tmp\opctest\jcifs-1.2.25.jar;C:\tmp\opctest\j-interopdeps.jar;C:\tmp\opctest\junit-3.8.1.jar;C:\tmp\opctest\slf4j-api-1.6.99.jar;C:\tmp\opctest\slf4j-simple-1.6.99.jar;C:\Java\OPCK\opck\src\lib\opcdcom.jar;C:\Java\OPCK\opck\src\lib\opclib.jar;C:\Java\OPCK\opck\org.openscada.opc.dcom.source_1.0.0.201303061314.jar;C:\Java\OPCK\opck\org.openscada.opc.lib.source_1.0.0.201303061314.jar
java.vm.specification.version=1.7
sun.arch.data.model=32
java.home=C:\Programme\Java\jre7
sun.java.command=testing.UtgardTutorial2 -Djcifs.properties=c:\tmp\opctest\opck.prp
java.specification.vendor=Oracle Corporation
user.language=de
awt.toolkit=sun.awt.windows.WToolkit
java.vm.info=mixed mode, sharing
java.version=1.7.0_17
java.ext.dirs=C:\Programme\Java\jre7\lib\ext;C:\WINDOWS.0\Sun\Java\lib\ext
sun.boot.class.path=C:\Programme\Java\jre7\lib\resources.jar;C:\Programme\Java\jre7\lib\rt.jar;C:\Programme\Java\jre7\lib\sunrsasign.jar;C:\Programme\Java\jre7\lib\jsse.jar;C:\Programme\Java\jre7\lib\jce.jar;C:\Programme\Java\jre7\lib\charsets.jar;C:\Programme\Java\jre7\lib\jfr.jar;C:\Programme\Java\jre7\classes

java.vendor=Oracle Corporation
file.separator=\
java.vendor.url.bug=http://bugreport.sun.com/bugreport/

sun.cpu.endian=little
sun.io.unicode.encoding=UnicodeLittle
sun.desktop=windows
sun.cpu.isalist=pentium_pro+mmx pentium_pro pentium+mmx pentium i486 i386 i86
Jul 03, 2013 1:26:37 PM rpc.DefaultConnection processOutgoing
INFO:
Sending REQUEST
Jul 03, 2013 1:26:37 PM rpc.DefaultConnection processIncoming
INFO:
Recieved RESPONSE
Jul 03, 2013 1:26:37 PM org.jinterop.dcom.core.JIComOxidRuntime addUpdateOXIDs
INFO: addUpdateOXIDs: finally this oid is { IPID ref count is 1 } and OID in bytes[] 00000: 3F 05 68 FA 00 00 5A 08 |?.hú..Z. |

, hasExpired false }
Jul 03, 2013 1:26:37 PM org.jinterop.dcom.core.JISession addToSession
INFO: [addToSession] Adding IPID: 00016c24-04e4-05a8-9728-d3f07563badc to session: 993175446
Jul 03, 2013 1:26:37 PM org.jinterop.dcom.core.JISession addToSession
INFO: for IID: 00000000-0000-0000-c000-000000000046
Jul 03, 2013 1:26:37 PM org.jinterop.dcom.core.JIComObjectImpl addRef
WARNING: addRef: Adding 5 references for 00016c24-04e4-05a8-9728-d3f07563badc session: 993175446
Jul 03, 2013 1:26:37 PM rpc.DefaultConnection processOutgoing
INFO:
Sending BIND
Jul 03, 2013 1:26:37 PM rpc.DefaultConnection processIncoming
INFO:
Recieved BIND_ACK
Jul 03, 2013 1:26:37 PM rpc.DefaultConnection processOutgoing
INFO:
Sending AUTH3
Jul 03, 2013 1:26:37 PM rpc.DefaultConnection processOutgoing
INFO:
Sending REQUEST
Jul 03, 2013 1:26:37 PM rpc.DefaultConnection processIncoming
INFO:
Recieved RESPONSE
1515 [main] INFO org.openscada.opc.lib.da.Server - Failed to connect to server

org.jinterop.dcom.common.JIException: Access is denied. [0x80070005]
    at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:161)
    at org.jinterop.dcom.core.JIRemUnknownServer.addRef_ReleaseRef(JIRemUnknownServer.java:181)
    at org.jinterop.dcom.core.JIComObjectImpl.addRef(JIComObjectImpl.java:118)
    at org.jinterop.dcom.core.JIComServer.createInstance(JIComServer.java:786)
    at org.openscada.opc.lib.da.Server.connect(Server.java:130)

at testing.UtgardTutorial2.main(UtgardTutorial2.java:71)

Caused by: org.jinterop.dcom.common.JIRuntimeException: Access is denied. [0x80070005]
    at org.jinterop.dcom.core.JICallBuilder.readResult(JICallBuilder.java:1079)
    at org.jinterop.dcom.core.JICallBuilder.read(JICallBuilder.java:957)
    at ndr.NdrObject.decode(NdrObject.java:36)
    at rpc.ConnectionOrientedEndpoint.call(ConnectionOrientedEndpoint.java:137)
    at rpc.Stub.call(Stub.java:113)
    at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:152)
    ... 5 more

1531 [main] INFO org.openscada.opc.lib.da.Server - Destroying DCOM session...
1531 [main] INFO org.openscada.opc.lib.da.Server - Destroying DCOM session... forked
80070005: Unknown error (80070005)
Jul 03, 2013 1:26:37 PM org.jinterop.dcom.core.JISession prepareForReleaseRef
WARNING: prepareForReleaseRef: Releasing numInstancesfirsttime + 5 references of IPID: 00016c24-04e4-05a8-9728-d3f07563badc session: 993175446 , numInstancesfirsttime is 5
Jul 03, 2013 1:26:37 PM org.jinterop.dcom.core.JISession releaseRefs
INFO: In releaseRefs for session : 993175446 , array length is: 1
Jul 03, 2013 1:26:37 PM rpc.DefaultConnection processOutgoing
INFO:
Sending REQUEST
Jul 03, 2013 1:26:37 PM org.jinterop.dcom.core.JIComOxidRuntime clearIPIDsforSession

INFO: clearIPIDsforSession: holder.currentSetOIDs's size is 1

Jul 03, 2013 1:26:37 PM org.jinterop.dcom.core.JISession destroySession
INFO: Destroyed Session: 993175446
Jul 03, 2013 1:26:37 PM org.jinterop.dcom.core.JISession postDestroy
INFO: About to destroy links for Session: 993175446 , size of which is 0
Jul 03, 2013 1:26:37 PM org.jinterop.dcom.core.JIComOxidRuntime destroySessionOIDs
INFO: destroySessionOIDs for session: 993175446
1547 [OPCSessionDestructor] INFO org.openscada.opc.lib.da.Server - Destructed DCOM session
1547 [OPCSessionDestructor] INFO org.openscada.opc.lib.da.Server - Session destruction took 16 ms

Exception in thread "jI_ShutdownHook" java.lang.NullPointerException
    at org.jinterop.dcom.transport.JIComTransport.close(JIComTransport.java:124)
    at rpc.ConnectionOrientedEndpoint.detach(ConnectionOrientedEndpoint.java:232)
    at rpc.Stub.detach(Stub.java:94)
    at org.jinterop.dcom.core.JIRemUnknownServer.closeStub(JIRemUnknownServer.java:193)
    at org.jinterop.dcom.core.JISession.destroySession(JISession.java:633)
    at org.jinterop.dcom.core.JISession$2.run(JISession.java:232)
    at java.lang.Thread.run(Unknown Source)

************************

Date: Wed, 3 Jul 2013 00:30:46 -0700
From: ctro...@gmail.com
To: open...@googlegroups.com
Subject: Re: [openSCADA] utgard 1.0 ABB Industrial it running on win2K

t12_inclhostname.pcapng

Jens Reimann

unread,

Jul 3, 2013, 1:40:31 PM7/3/13

to open...@googlegroups.com

Hi,

Just out of curiosity. Which jinterop jar are you using. The one from openscada?

Josef Rick

unread,

Jul 3, 2013, 1:53:52 PM7/3/13

to open...@googlegroups.com

Hi,
I had to check tomorrow. I'm off now.
But I think, I get it from openscada, but not sure. So I'll check it.

Josef

Date: Wed, 3 Jul 2013 19:40:31 +0200

Josef Rick

unread,

Jul 4, 2013, 9:10:48 AM7/4/13

to open...@googlegroups.com

Hi,

I can't recognize where I downloaded it.
So I did the doenload once more and load

jinterop
and
utgardsdk

from opsenscada.
Build the test-Application and .........lookslike the same.
here is the output from the programm:

Any ideas to change ?

Josef
******************************

31 [main] INFO org.openscada.opc.lib.da.Server - Socket timeout: 0

java.class.path=C:\Java\OPCK\opck\bin;C:\tmp\opctest\jcifs-1.2.25.jar;C:\tmp\opctest\slf4j-api-1.6.99.jar;C:\tmp\opctest\slf4j-simple-1.6.99.jar;C:\tmp\opctest\org.openscada.opc.lib_1.1.0.v20130529.jar;C:\tmp\opctest\org.openscada.jinterop.core_1.1.0.v20130529.jar;C:\tmp\opctest\org.openscada.jinterop.deps_1.1.0.v20130529.jar;C:\tmp\opctest\org.openscada.opc.dcom_1.1.0.v20130529.jar

java.vm.specification.version=1.7
sun.arch.data.model=32
java.home=C:\Programme\Java\jre7
sun.java.command=testing.UtgardTutorial2 -Djcifs.properties=c:\tmp\opctest\opck.prp
java.specification.vendor=Oracle Corporation
user.language=de
awt.toolkit=sun.awt.windows.WToolkit
java.vm.info=mixed mode, sharing
java.version=1.7.0_17
java.ext.dirs=C:\Programme\Java\jre7\lib\ext;C:\WINDOWS.0\Sun\Java\lib\ext
sun.boot.class.path=C:\Programme\Java\jre7\lib\resources.jar;C:\Programme\Java\jre7\lib\rt.jar;C:\Programme\Java\jre7\lib\sunrsasign.jar;C:\Programme\Java\jre7\lib\jsse.jar;C:\Programme\Java\jre7\lib\jce.jar;C:\Programme\Java\jre7\lib\charsets.jar;C:\Programme\Java\jre7\lib\jfr.jar;C:\Programme\Java\jre7\classes
java.vendor=Oracle Corporation
file.separator=\
java.vendor.url.bug=http://bugreport.sun.com/bugreport/
sun.cpu.endian=little
sun.io.unicode.encoding=UnicodeLittle
sun.desktop=windows
sun.cpu.isalist=pentium_pro+mmx pentium_pro pentium+mmx pentium i486 i386 i86

Jul 04, 2013 1:40:12 PM org.jinterop.dcom.common.JISystem logSystemPropertiesAndVersion
INFO: j-Interop Version = null

Jul 04, 2013 1:40:13 PM org.jinterop.dcom.common.JISystem logSystemPropertiesAndVersion

java.class.path = C:\Java\OPCK\opck\bin;C:\tmp\opctest\jcifs-1.2.25.jar;C:\tmp\opctest\slf4j-api-1.6.99.jar;C:\tmp\opctest\slf4j-simple-1.6.99.jar;C:\tmp\opctest\org.openscada.opc.lib_1.1.0.v20130529.jar;C:\tmp\opctest\org.openscada.jinterop.core_1.1.0.v20130529.jar;C:\tmp\opctest\org.openscada.jinterop.deps_1.1.0.v20130529.jar;C:\tmp\opctest\org.openscada.opc.dcom_1.1.0.v20130529.jar

user.name = Administrator
java.vm.specification.version = 1.7
sun.java.command = testing.UtgardTutorial2 -Djcifs.properties=c:\tmp\opctest\opck.prp
java.home = C:\Programme\Java\jre7
sun.arch.data.model = 32
user.language = de
java.specification.vendor = Oracle Corporation
awt.toolkit = sun.awt.windows.WToolkit
java.vm.info = mixed mode, sharing
java.version = 1.7.0_17
java.ext.dirs = C:\Programme\Java\jre7\lib\ext;C:\WINDOWS.0\Sun\Java\lib\ext
sun.boot.class.path = C:\Programme\Java\jre7\lib\resources.jar;C:\Programme\Java\jre7\lib\rt.jar;C:\Programme\Java\jre7\lib\sunrsasign.jar;C:\Programme\Java\jre7\lib\jsse.jar;C:\Programme\Java\jre7\lib\jce.jar;C:\Programme\Java\jre7\lib\charsets.jar;C:\Programme\Java\jre7\lib\jfr.jar;C:\Programme\Java\jre7\classes
java.vendor = Oracle Corporation
file.separator = \
java.vendor.url.bug = http://bugreport.sun.com/bugreport/
sun.io.unicode.encoding = UnicodeLittle
sun.cpu.endian = little
sun.desktop = windows
sun.cpu.isalist = pentium_pro+mmx pentium_pro pentium+mmx pentium i486 i386 i86

422 [Timer-1] INFO org.jinterop.dcom.core.JIComOxidRuntime - Running ClientPingTimerTask !
422 [Timer-2] INFO org.jinterop.dcom.core.JIComOxidRuntime - Running ServerPingTimerTask !
422 [main] INFO org.jinterop.dcom.core.JISession - Created Session: 1694089604
Jul 04, 2013 1:40:13 PM org.jinterop.dcom.common.JISystem internal_dumpMap
INFO: mapOfHostnamesVsIPs: {}
Jul 04, 2013 1:40:13 PM rpc.DefaultConnection processOutgoing
INFO:
Sending BIND
Jul 04, 2013 1:40:13 PM rpc.DefaultConnection processIncoming
INFO:
Recieved BIND_ACK
Jul 04, 2013 1:40:13 PM rpc.DefaultConnection processOutgoing
INFO:
Sending AUTH3
Jul 04, 2013 1:40:13 PM rpc.DefaultConnection processOutgoing
INFO:
Sending ALTER_CTX
Jul 04, 2013 1:40:14 PM rpc.DefaultConnection processIncoming
INFO:
Recieved ALTER_CTX_RESP
Jul 04, 2013 1:40:14 PM rpc.DefaultConnection processOutgoing
INFO:
Sending REQUEST
Jul 04, 2013 1:40:14 PM rpc.DefaultConnection processIncoming
INFO:
Recieved RESPONSE
1453 [main] INFO org.jinterop.dcom.core.JIComOxidRuntime - addUpdateOXIDs: finally this oid is { IPID ref count is 1 } and OID in bytes[] 00000: 3F 06 BC ED 00 00 5A 1C |?.¼í..Z. |

, hasExpired false }
1453 [main] INFO org.jinterop.dcom.core.JISession - [addToSession] Adding IPID: 00000017-04e4-05a8-ba32-b750750a1000 to session: 1694089604
1453 [main] INFO org.jinterop.dcom.core.JISession - for IID: 00000000-0000-0000-c000-000000000046
1453 [main] INFO org.jinterop.dcom.core.JIComObjectImpl - addRef: Adding 5 references for 00000017-04e4-05a8-ba32-b750750a1000 session: 1694089604
Jul 04, 2013 1:40:14 PM rpc.DefaultConnection processOutgoing
INFO:
Sending BIND
Jul 04, 2013 1:40:14 PM rpc.DefaultConnection processIncoming
INFO:
Recieved BIND_ACK
Jul 04, 2013 1:40:14 PM rpc.DefaultConnection processOutgoing
INFO:
Sending AUTH3
Jul 04, 2013 1:40:14 PM rpc.DefaultConnection processOutgoing
INFO:
Sending REQUEST
Jul 04, 2013 1:40:14 PM rpc.DefaultConnection processIncoming
INFO:
Recieved RESPONSE
1562 [main] INFO org.openscada.opc.lib.da.Server - Failed to connect to server

org.jinterop.dcom.common.JIException: Access is denied. [0x80070005]

    at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:177)
    at org.jinterop.dcom.core.JIRemUnknownServer.addRef_ReleaseRef(JIRemUnknownServer.java:199)
    at org.jinterop.dcom.core.JIComObjectImpl.addRef(JIComObjectImpl.java:125)
    at org.jinterop.dcom.core.JIComServer.createInstance(JIComServer.java:876)

at org.openscada.opc.lib.da.Server.connect(Server.java:130)
at testing.UtgardTutorial2.main(UtgardTutorial2.java:71)
Caused by: org.jinterop.dcom.common.JIRuntimeException: Access is denied. [0x80070005]

    at org.jinterop.dcom.core.JICallBuilder.readResult(JICallBuilder.java:1289)
    at org.jinterop.dcom.core.JICallBuilder.read(JICallBuilder.java:1166)
    at ndr.NdrObject.decode(NdrObject.java:41)
    at rpc.ConnectionOrientedEndpoint.call(ConnectionOrientedEndpoint.java:141)
    at rpc.Stub.call(Stub.java:134)
    at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:164)
    ... 5 more
1578 [main] INFO org.openscada.opc.lib.da.Server - Destroying DCOM session...
1578 [main] INFO org.openscada.opc.lib.da.Server - Destroying DCOM session... forked
80070005: Unknown error (80070005)
1593 [OPCSessionDestructor] WARN org.jinterop.dcom.core.JISession - prepareForReleaseRef: Releasing numInstancesfirsttime + 5 references of IPID: 00000017-04e4-05a8-ba32-b750750a1000 session: 1694089604 , numInstancesfirsttime is 5
1593 [OPCSessionDestructor] INFO org.jinterop.dcom.core.JISession - In releaseRefs for session : 1694089604 , array length is: 1
Jul 04, 2013 1:40:14 PM rpc.DefaultConnection processOutgoing
INFO:
Sending REQUEST
1593 [OPCSessionDestructor] INFO org.jinterop.dcom.core.JIComOxidRuntime - clearIPIDsforSession: holder.currentSetOIDs's size is 1
1609 [OPCSessionDestructor] INFO org.jinterop.dcom.core.JISession - Destroyed Session: 1694089604
1609 [OPCSessionDestructor] INFO org.jinterop.dcom.core.JISession - About to destroy 0 sessesion which are linked to this session: 1694089604
1609 [OPCSessionDestructor] INFO org.jinterop.dcom.core.JIComOxidRuntime - destroySessionOIDs for session: 1694089604
1609 [OPCSessionDestructor] INFO org.openscada.opc.lib.da.Server - Destructed DCOM session
1609 [OPCSessionDestructor] INFO org.openscada.opc.lib.da.Server - Session destruction took 16 ms

******************************

Date: Wed, 3 Jul 2013 19:40:31 +0200

t13_newdcom.pcapng

Josef Rick

unread,

Aug 9, 2013, 3:30:43 AM8/9/13

to open...@googlegroups.com

Hi, I do some checks, but without any positive results.

Can anyone explain to me, how the testing clients: Matrikon, kassel, or jenson connect to the OPC server with login, and the problems of right login ?

May is is a way to established the connection in same matter?

Thanks for answere

From: jr4...@hotmail.de
To: open...@googlegroups.com

Subject: RE: [openSCADA] utgard 1.0 ABB Industrial it running on win2K

Date: Thu, 4 Jul 2013 13:10:48 +0000

徐刚辉

unread,

Jun 9, 2014, 6:48:11 AM6/9/14

to open...@googlegroups.com

I have the same problem. Do you have any solution? Thanks.

Jens Reimann

unread,

Jun 9, 2014, 7:00:36 AM6/9/14

to open...@googlegroups.com

Can you tell me which problem you exactly have? Access denied is a vast field of issues. ;-)

On Jun 9, 2014 12:48 PM, "徐刚辉" <pers...@gmail.com> wrote:

I have the same problem. Do you have any solution? Thanks.

--
You received this message because you are subscribed to the Google Groups "openSCADA" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openscada+...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

徐刚辉

unread,

Jun 10, 2014, 3:06:11 AM6/10/14

to open...@googlegroups.com

Here is the output:

14-06-10 15:04:43 - INFO org.openscada.opc.lib.da.Server - Socket timeout: 0 
六月 10, 2014 3:04:43 下午 org.jinterop.dcom.common.JISystem logSystemPropertiesAndVersion
信息: j-Interop Version = null

六月 10, 2014 3:04:43 下午 org.jinterop.dcom.common.JISystem logSystemPropertiesAndVersion
信息: java.runtime.name = Java(TM) SE Runtime Environment
sun.boot.library.path = C:\Program Files\Java\jre8\bin
java.vm.version = 25.5-b02
java.vm.vendor = Oracle Corporation


java.vendor.url = http://java.oracle.com/
path.separator = ;


java.vm.name = Java HotSpot(TM) 64-Bit Server VM
file.encoding.pkg = sun.io
user.country = CN
user.script = 
sun.java.launcher = SUN_STANDARD
sun.os.patch.level = 
java.vm.specification.name = Java Virtual Machine Specification
user.dir = D:\Projects\Data_gatherer\src\Data_gatherer_opc_java
java.runtime.version = 1.8.0_05-b13
java.awt.graphicsenv = sun.awt.Win32GraphicsEnvironment
java.endorsed.dirs = C:\Program Files\Java\jre8\lib\endorsed
os.arch = amd64
java.io.tmpdir = C:\Users\Percy\AppData\Local\Temp\


line.separator = 

java.vm.specification.vendor = Oracle Corporation
user.variant =

 
os.name = Windows 8.1
sun.jnu.encoding = GBK
java.library.path = C:\Program Files\Java\jre8\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Program Files (x86)\Windows Resource Kits\Tools\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\Zend\ZendServer\share\ZendFramework\bin;C:\Program Files (x86)\Zend\ZendServer\bin;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;D:\Softwares\Programming_languages\C++\Android\android-ndk-r9d;C:\Python27;C:\Program Files (x86)\Windows Resource Kits\Tools;D:\Softwares\Game_engines\Cocos2d-x\cocos2d-x-3.1\tools\cocos2d-console\bin;.


java.specification.name = Java Platform API Specification


java.class.version = 52.0
sun.management.compiler = HotSpot 64-Bit Tiered Compilers
os.version = 6.3
user.home = C:\Users\Percy
user.timezone = Asia/Shanghai
java.awt.printerjob = sun.awt.windows.WPrinterJob
file.encoding = UTF-8
java.specification.version = 1.8
java.class.path = D:\Projects\Data_gatherer\src\Data_gatherer_opc_java\bin;D:\Projects\libpercy\src\libpercy-j\bin;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\annotations-api.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\catalina-ant.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\catalina-ha.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\catalina-tribes.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\catalina.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\ecj-P20140317-1600.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\el-api.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\jasper-el.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\jasper.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\jsp-api.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\servlet-api.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\tomcat-api.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\tomcat-coyote.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\tomcat-dbcp.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\tomcat-i18n-es.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\tomcat-i18n-fr.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\tomcat-i18n-ja.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\tomcat-jdbc.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\tomcat-util.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\tomcat7-websocket.jar;C:\Program Files\Apache Software Foundation\Tomcat 7.0\lib\websocket-api.jar;D:\Projects\libpercy\Libraries\J-interop\jcifs-1.2.19.jar;D:\Projects\libpercy\Libraries\J-interop\j-interop.jar;D:\Projects\libpercy\Libraries\J-interop\j-interopdeps.jar;D:\Projects\Data_gatherer\src\Data_gatherer_opc_java\lib;D:\Projects\Data_gatherer\src\Data_gatherer_opc_java\lib\j-interop.jar;D:\Projects\Data_gatherer\src\Data_gatherer_opc_java\lib\j-interopdeps.jar;D:\Projects\Data_gatherer\src\Data_gatherer_opc_java\lib\org.openscada.opc.dcom_1.1.0.v20130529.jar;D:\Projects\Data_gatherer\src\Data_gatherer_opc_java\lib\org.openscada.opc.lib_1.1.0.v20130529.jar;D:\Projects\Data_gatherer\src\Data_gatherer_opc_java\lib\commons-net-3.3.jar;D:\Projects\Data_gatherer\src\Data_gatherer_opc_java\lib\log4j-1.2.17.jar;D:\Projects\Data_gatherer\src\Data_gatherer_opc_java\lib\slf4j-api-1.7.5.jar;D:\Projects\Data_gatherer\src\Data_gatherer_opc_java\lib\slf4j-log4j12-1.7.5.jar;D:\Projects\Data_gatherer\src\Data_gatherer_opc_java\lib\jcifs-1.3.17.jar
user.name = Percy
java.vm.specification.version = 1.8
sun.java.command = Main
java.home = C:\Program Files\Java\jre8
sun.arch.data.model = 64
user.language = zh
java.specification.vendor = Oracle Corporation


awt.toolkit = sun.awt.windows.WToolkit
java.vm.info =

 mixed mode
java.version = 1.8.0_05
java.ext.dirs = C:\Program Files\Java\jre8\lib\ext;C:\Windows\Sun\Java\lib\ext
sun.boot.class.path = C:\Program Files\Java\jre8\lib\resources.jar;C:\Program Files\Java\jre8\lib\rt.jar;C:\Program Files\Java\jre8\lib\sunrsasign.jar;C:\Program Files\Java\jre8\lib\jsse.jar;C:\Program Files\Java\jre8\lib\jce.jar;C:\Program Files\Java\jre8\lib\charsets.jar;C:\Program Files\Java\jre8\lib\jfr.jar;C:\Program Files\Java\jre8\classes
java.vendor = Oracle Corporation


file.separator = \
java.vendor.url.bug = http://bugreport.sun.com/bugreport/
sun.io.unicode.encoding = UnicodeLittle
sun.cpu.endian = little
sun.desktop =

 windows
sun.cpu.isalist = amd64

六月 10, 2014 3:04:43 下午 org.jinterop.dcom.core.JIComOxidRuntime$ClientPingTimerTask run
信息: Running ClientPingTimerTask !
六月 10, 2014 3:04:43 下午 org.jinterop.dcom.core.JIComOxidRuntime$ServerPingTimerTask run
信息: Running ServerPingTimerTask !
六月 10, 2014 3:04:43 下午 org.jinterop.dcom.core.JISession$Release_References_TimerTask run
信息: Release_References_TimerTask:[RUN] Ipid Vs Count Map size 0 listOfDeferencedIpids size 0
六月 10, 2014 3:04:43 下午 org.jinterop.dcom.core.JISession$Release_References_TimerTask run
信息: Release_References_TimerTask:[RUN] Session:  -320290724 , listOfDeferencedIpids: []
六月 10, 2014 3:04:43 下午 org.jinterop.dcom.core.JISession createSession
信息: Created Session: -320290724
六月 10, 2014 3:04:43 下午 org.jinterop.dcom.core.JISession$Release_References_TimerTask run
信息: Release_References_TimerTask:[RUN] Ipid Vs Count Map size after preparing release 0
六月 10, 2014 3:04:43 下午 org.jinterop.dcom.common.JISystem internal_dumpMap
信息: mapOfHostnamesVsIPs: {}
六月 10, 2014 3:04:43 下午 rpc.DefaultConnection processOutgoing
信息: 
 Sending BIND
六月 10, 2014 3:04:43 下午 rpc.DefaultConnection processIncoming
信息: 
 Recieved BIND_ACK
六月 10, 2014 3:04:43 下午 rpc.DefaultConnection processOutgoing
信息: 
 Sending AUTH3
六月 10, 2014 3:04:43 下午 rpc.DefaultConnection processOutgoing
信息: 
 Sending REQUEST
六月 10, 2014 3:04:43 下午 rpc.DefaultConnection processIncoming
信息: 
 Recieved RESPONSE
六月 10, 2014 3:04:43 下午 rpc.DefaultConnection processOutgoing
信息: 
 Sending ALTER_CTX
六月 10, 2014 3:04:43 下午 rpc.DefaultConnection processIncoming
信息: 
 Recieved ALTER_CTX_RESP
六月 10, 2014 3:04:43 下午 rpc.DefaultConnection processOutgoing
信息: 
 Sending REQUEST
六月 10, 2014 3:04:43 下午 rpc.DefaultConnection processIncoming
信息: 
 Recieved RESPONSE
六月 10, 2014 3:04:43 下午 org.jinterop.dcom.core.JIComOxidRuntime addUpdateOXIDs
信息: addUpdateOXIDs: finally this oid is { IPID ref count is 1 } and OID in bytes[] 00000: 5C 3F 3B 86 55 B0 4E FE                          |\?;.U°Nþ        |

 , hasExpired false } 
六月 10, 2014 3:04:43 下午 org.jinterop.dcom.core.JISession addToSession
信息: [addToSession] Adding IPID: 00009c05-1474-0000-4358-58c22884153c to session: -320290724
六月 10, 2014 3:04:43 下午 org.jinterop.dcom.core.JISession addToSession
信息:  for IID: 00000000-0000-0000-c000-000000000046 session: -320290724
六月 10, 2014 3:04:43 下午 org.jinterop.dcom.core.JIComObjectImpl addRef
警告: addRef: Adding 5 references for 00009c05-1474-0000-4358-58c22884153c session: -320290724
六月 10, 2014 3:04:43 下午 rpc.DefaultConnection processOutgoing
信息: 
 Sending BIND
六月 10, 2014 3:04:43 下午 rpc.DefaultConnection processIncoming
信息: 
 Recieved BIND_ACK
六月 10, 2014 3:04:43 下午 rpc.DefaultConnection processOutgoing
信息: 
 Sending AUTH3
六月 10, 2014 3:04:43 下午 rpc.DefaultConnection processOutgoing
信息: 
 Sending REQUEST
六月 10, 2014 3:04:44 下午 rpc.DefaultConnection processIncoming
信息: 
 Recieved RESPONSE
14-06-10 15:04:44 - INFO org.openscada.opc.lib.da.Server - Failed to connect to server
org.jinterop.dcom.common.JIException: Access is denied.  [0x80070005]
    at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:159)
    at org.jinterop.dcom.core.JIRemUnknownServer.addRef_ReleaseRef(JIRemUnknownServer.java:179)
    at org.jinterop.dcom.core.JISession.addRef_ReleaseRef(JISession.java:781)
    at org.jinterop.dcom.core.JIComObjectImpl.addRef(JIComObjectImpl.java:120)
    at org.jinterop.dcom.core.JIComServer.createInstance(JIComServer.java:875)
    at org.openscada.opc.lib.da.Server.connect(Server.java:130)
    at Manager.connect(Manager.java:267)
    at Manager.Fetch(Manager.java:209)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at libpercy.function_object.Function.Call(Function.java:15)
    at libpercy.timer.Timer.Timeout(Timer.java:56)
    at libpercy.timer.TimerManager.Update(TimerManager.java:51)
    at libpercy.looper.Looper.update(Looper.java:47)
    at libpercy.looper.Looper.Run(Looper.java:24)
    at Main.main(Main.java:11)


Caused by: org.jinterop.dcom.common.JIRuntimeException: Access is denied.  [0x80070005]


    at org.jinterop.dcom.core.JICallBuilder.readResult(JICallBuilder.java:1095)
    at org.jinterop.dcom.core.JICallBuilder.read(JICallBuilder.java:969)


    at ndr.NdrObject.decode(NdrObject.java:36)
    at rpc.ConnectionOrientedEndpoint.call(ConnectionOrientedEndpoint.java:137)
    at rpc.Stub.call(Stub.java:113)


    at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:150)
    ... 17 more
14-06-10 15:04:44 - INFO org.openscada.opc.lib.da.Server - Destroying DCOM session...
14-06-10 15:04:44 - INFO org.openscada.opc.lib.da.Server - Destroying DCOM session... forked
org.jinterop.dcom.common.JIException: Access is denied.  [0x80070005]
    at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:159)
    at org.jinterop.dcom.core.JIRemUnknownServer.addRef_ReleaseRef(JIRemUnknownServer.java:179)
    at org.jinterop.dcom.core.JISession.addRef_ReleaseRef(JISession.java:781)
    at org.jinterop.dcom.core.JIComObjectImpl.addRef(JIComObjectImpl.java:120)
    at org.jinterop.dcom.core.JIComServer.createInstance(JIComServer.java:875)
    at org.openscada.opc.lib.da.Server.connect(Server.java:130)
    at Manager.connect(Manager.java:267)
    at Manager.Fetch(Manager.java:209)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at libpercy.function_object.Function.Call(Function.java:15)
    at libpercy.timer.Timer.Timeout(Timer.java:56)
    at libpercy.timer.TimerManager.Update(TimerManager.java:51)
    at libpercy.looper.Looper.update(Looper.java:47)
    at libpercy.looper.Looper.Run(Looper.java:24)
    at Main.main(Main.java:11)


Caused by: org.jinterop.dcom.common.JIRuntimeException: Access is denied.  [0x80070005]


    at org.jinterop.dcom.core.JICallBuilder.readResult(JICallBuilder.java:1095)
    at org.jinterop.dcom.core.JICallBuilder.read(JICallBuilder.java:969)


    at ndr.NdrObject.decode(NdrObject.java:36)
    at rpc.ConnectionOrientedEndpoint.call(ConnectionOrientedEndpoint.java:137)
    at rpc.Stub.call(Stub.java:113)


    at org.jinterop.dcom.core.JIRemUnknownServer.call(JIRemUnknownServer.java:150)
    ... 17 more
六月 10, 2014 3:04:44 下午 org.jinterop.dcom.core.JISession prepareForReleaseRef
警告: prepareForReleaseRef: Releasing 10references of IPID: 00009c05-1474-0000-4358-58c22884153c session: -320290724
六月 10, 2014 3:04:44 下午 org.jinterop.dcom.core.JISession releaseRefs
信息: In releaseRefs for session : -320290724 , array length is: 1

Reply all

Reply to author

Forward

0 new messages