DCE/RPC is a specification for a remote procedure call mechanism that defines both an API and a network protocol.
A DCE/RPC server's endpoint mapper (EPMAP) listens for incoming calls. The client contacts this endpoint mapper and asks for a specific interface, which is then accessed over a separate connection. After that, the client can issue call requests to the server.
Because of this, you cannot see all the traffic simply by capturing on one particular TCP port: further connections are used as well.
Binary blobs may be transferred between the client and server endpoints; apart from the packet type and opnum, the conversation is opaque to DCE/RPC.
Specification documents, sorted by publication date:
DCE/RPC can run on top of a number of protocols, including:
```
Frame 16 (156 bytes on wire, 156 bytes captured)
    Arrival Time: Jan 25, 2006 13:30:30.722061000
    Time delta from previous packet: 0.003745000 seconds
    Time since reference or first frame: 0.072939000 seconds
    Frame Number: 16
    Packet Length: 156 bytes
    Capture Length: 156 bytes
    Protocols in frame: eth:ip:tcp:nbss:smb:dcerpc
Ethernet II, Src: 00:50:56:c0:00:08 (00:50:56:c0:00:08), Dst: 00:0c:29:90:06:7c (00:0c:29:90:06:7c)
    Destination: 00:0c:29:90:06:7c (00:0c:29:90:06:7c)
    Source: 00:50:56:c0:00:08 (00:50:56:c0:00:08)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.29.1 (192.168.29.1), Dst: 192.168.29.133 (192.168.29.133)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 142
    Identification: 0x0d71 (3441)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x3122 [correct]
        Good: True
        Bad : False
    Source: 192.168.29.1 (192.168.29.1)
    Destination: 192.168.29.133 (192.168.29.133)
Transmission Control Protocol, Src Port: 1107 (1107), Dst Port: 139 (139), Seq: 1777360425, Ack: 1042911032, Len: 102
    Source port: 1107 (1107)
    Destination port: 139 (139)
    Sequence number: 1777360425
    Next sequence number: 1777360527
    Acknowledgement number: 1042911032
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 16974
    Checksum: 0x3bfe [validation disabled]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 15
        The RTT to ACK the segment was: 0.003745000 seconds
NetBIOS Session Service
    Message Type: Session message
    Flags: 0x00
        .... ...0 = Add 0 to length
    Length: 98
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 17
        SMB Command: Trans (0x25)
        Error Class: Success (0x00)
        Reserved: 00
        Error Code: No Error
        Flags: 0x00
            0... .... = Request/Response: Message is a request to the server
            .0.. .... = Notify: Notify client only on open
            ..0. .... = Oplocks: OpLock not requested/granted
            ...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
            .... 0... = Case Sensitivity: Path names are case sensitive
            .... ..0. = Receive Buffer Posted: Receive buffer has not been posted
            .... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
        Flags2: 0x0001
            0... .... .... .... = Unicode Strings: Strings are ASCII
            .0.. .... .... .... = Error Code Type: Error codes are DOS error codes
            ..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
            ...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
            .... 0... .... .... = Extended Security Negotiation: Extended security negotiation is not supported
            .... .... .0.. .... = Long Names Used: Path names in request are not long file names
            .... .... .... .0.. = Security Signatures: Security signatures are not supported
            .... .... .... ..0. = Extended Attributes: Extended attributes are not supported
            .... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2048
        Process ID: 1764
        User ID: 2048
        Multiplex ID: 0
    Trans Request (0x25)
        Word Count (WCT): 16
        Total Parameter Count: 0
        Total Data Count: 24
        Max Parameter Count: 1024
        Max Data Count: 65504
        Max Setup Count: 0
        Reserved: 00
        Flags: 0x0000
            .... .... .... ..0. = One Way Transaction: Two way transaction
            .... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
        Timeout: Return immediately (0)
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 74
        Data Count: 24
        Data Offset: 74
        Setup Count: 2
        Reserved: 00
        Byte Count (BCC): 31
        Transaction Name: \PIPE\
SMB Pipe Protocol
    Function: TransactNmPipe (0x0026)
    FID: 0x4000
DCE RPC Request, Fragment: Single, FragLen: 24, Call: 1 Ctx: 0, [Resp: #17]
    Version: 5
    Version (minor): 0
    Packet type: Request (0)
    Packet Flags: 0x03
        0... .... = Object: Not set
        .0.. .... = Maybe: Not set
        ..0. .... = Did Not Execute: Not set
        ...0 .... = Multiplex: Not set
        .... 0... = Reserved: Not set
        .... .0.. = Cancel Pending: Not set
        .... ..1. = Last Frag: Set
        .... ...1 = First Frag: Set
    Data Representation: 10000000
        Byte order: Little-endian (1)
        Character: ASCII (0)
        Floating-point: IEEE (0)
    Frag Length: 24
    Auth Length: 0
    Call ID: 1
    Alloc hint: 0
    Context ID: 0
    Opnum: 4
    Response in frame: 17
```

The DCE/RPC dissector is fully functional. It also provides some advanced features, such as DCE/RPC defragmentation.
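As an added example (not code from the Wireshark wiki page or from Wireshark itself), the following Python parses the connection-oriented DCE/RPC PDU header fields shown in the dissection above (version, packet type, flags, data representation, frag/auth length, call ID, context ID, opnum), honoring the packed_drep byte-order flag, and reassembles a request split across first/last fragments the way the dissector's defragmentation does. The 24-byte FRAME16 value is reconstructed from the dissected field values of frame 16, flag and packet-type constants follow the DCE 1.1 RPC specification, and build_request is a constructed helper used only to make sample fragments.

```python
import struct
from dataclasses import dataclass
# pfc_flags bits and the packet type handled below (DCE 1.1 RPC, connection-oriented)
PFC_FIRST_FRAG, PFC_LAST_FRAG, PFC_OBJECT_UUID, PTYPE_REQUEST = 0x01, 0x02, 0x80, 0

@dataclass
class CoPdu:
    ptype: int; flags: int; little_endian: bool; frag_len: int; auth_len: int
    call_id: int; ctx_id: int = -1; opnum: int = -1; stub: bytes = b""

def parse_co_pdu(buf: bytes) -> CoPdu:
    """Parse one CO PDU: 16-byte common header, then the request-specific header."""
    if len(buf) < 16 or buf[0] != 5:             # rpc_vers must be 5 (frame 16: 5.0)
        raise ValueError("not a DCE/RPC 5.x connection-oriented PDU")
    ptype, flags = buf[2], buf[3]
    end = "<" if buf[4] & 0x10 else ">"         # packed_drep bit 4 set: little-endian ints
    frag_len, auth_len, call_id = struct.unpack(end + "HHI", buf[8:16])
    if frag_len > len(buf) or (ptype == PTYPE_REQUEST and frag_len < 24):
        raise ValueError("truncated fragment")
    pdu = CoPdu(ptype, flags, end == "<", frag_len, auth_len, call_id)
    if ptype == PTYPE_REQUEST:
        # request header: alloc_hint(4) p_cont_id(2) opnum(2) [object uuid(16)], then stub
        _, pdu.ctx_id, pdu.opnum = struct.unpack(end + "IHH", buf[16:24])
        start, stop = 24 + (16 if flags & PFC_OBJECT_UUID else 0), frag_len
        if auth_len:                             # sec_trailer(8) + auth value end the PDU
            trailer = frag_len - auth_len - 8
            if trailer < start: raise ValueError("auth_length exceeds fragment")
            stop = trailer - buf[trailer + 2]    # auth_pad_length: padding before trailer
        pdu.stub = buf[start:stop]
    return pdu
def build_request(call_id: int, opnum: int, stub: bytes, flags: int) -> bytes:
    """Little-endian request PDU without auth trailer; used only to construct samples."""
    hdr = struct.pack("<BBBB4sHHI", 5, 0, PTYPE_REQUEST, flags, b"\x10\0\0\0", 24 + len(stub), 0, call_id)
    return hdr + struct.pack("<IHH", len(stub), 0, opnum) + stub

def reassemble(pdus) -> bytes:
    """Defragment one call: join stubs from PFC_FIRST_FRAG through PFC_LAST_FRAG."""
    stub, call_id = b"", None
    for p in pdus:
        if call_id is None and not p.flags & PFC_FIRST_FRAG:
            raise ValueError("stream does not start with a first fragment")
        if call_id not in (None, p.call_id):
            raise ValueError("call_id changed inside a fragment stream")
        call_id, stub = p.call_id, stub + p.stub
        if p.flags & PFC_LAST_FRAG:
            return stub
    raise ValueError("last fragment missing")
# Frame 16's 24-byte request, reconstructed from the dissected field values shown above
FRAME16 = bytes.fromhex("050000031000000018000000010000000000000000000400")
```

Note that the interface behind context ID 0 is only known from the earlier bind, which is why the dissector needs the binding sequence (or "Decode As...") to name the opnum.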
You can get the response times of DCE/RPC interface calls (the time between a request and its response) using the menu item "Statistics/Service Response Time/DCE-RPC...".
If you have not captured the binding sequence at the start of a connection-oriented DCE/RPC session, you can use the menu item "Analyze/Decode As..." to attach a specific interface to the selected conversation.
(XXX add links to the preference settings that affect how DCE/RPC is dissected.)
XXX - Add a simple example capture file. Keep it short; it is also a good idea to gzip it to make it smaller, as Wireshark can open gzipped files automatically.
A complete list of DCE/RPC display filter fields can be found in the display filter reference.
Show only DCE/RPC based traffic (both connection-oriented and connectionless):

```
dcerpc
```

You cannot directly filter the DCE/RPC protocol while capturing.
The "encrypted stub data" can be decrypted, whether NTLMSSP or Kerberos is used.
Ulf Lamping: Maybe explain where ncacn_ip_tcp is used, as I still don't know 😃

Ronnie: See the sample capture mapi.cap.gz, which has an example of dcerpc using ncacn_ip_tcp
Imported from https://wiki.wireshark.org/DCE/RPC on 2020-08-11 23:12:33 UTC