Running as user "root" and group "root". This could be dangerous. Capturing on eth0 0.000000 10.1.2.6 -> 10.1.2.1 DNS Standard query A winteal.tundraeng.com 0.001384 10.1.2.1 -> 10.1.2.6 DNS Standard query response A 10.1.2.3 0.004956 10.1.2.6 -> 10.1.2.3 NBNS Name query NBSTAT *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> 0.005396 10.1.2.3 -> 10.1.2.6 NBNS Name query response NBSTAT 0.010754 10.1.2.6 -> 10.1.2.3 TCP 53050 > microsoft-ds [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=11040150 TSER=0 WS=4 0.011317 10.1.2.3 -> 10.1.2.6 TCP microsoft-ds > 53050 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0 TSV=0 TSER=0 0.011374 10.1.2.6 -> 10.1.2.3 TCP 53050 > microsoft-ds [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=11040152 TSER=0 0.013096 10.1.2.6 -> 10.1.2.3 SMB Negotiate Protocol Request 0.014576 10.1.2.3 -> 10.1.2.6 SMB Negotiate Protocol Response 0.014669 10.1.2.6 -> 10.1.2.3 TCP 53050 > microsoft-ds [ACK] Seq=224 Ack=190 Win=6912 Len=0 TSV=11040155 TSER=98202 0.223474 10.0.0.0 -> 224.0.0.1 IGMP V3 Membership Query, general 0.292739 10.1.2.6 -> 224.0.0.22 IGMP V3 Membership Report / Join group 224.0.0.251 for any sources 2.681341 10.1.2.6 -> 10.1.2.3 SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE 2.682650 10.1.2.3 -> 10.1.2.6 SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED 2.682753 10.1.2.6 -> 10.1.2.3 TCP 53050 > microsoft-ds [ACK] Seq=464 Ack=770 Win=8080 Len=0 TSV=11042823 TSER=98229 2.684728 10.1.2.6 -> 10.1.2.3 SMB Session Setup AndX Request, NTLMSSP_AUTH, User: WORKGROUP\administrator 2.687273 10.1.2.3 -> 10.1.2.6 SMB Session Setup AndX Response 2.688295 10.1.2.6 -> 10.1.2.3 SMB Tree Connect AndX Request, Path: \\TEDC2\IPC$ 2.688610 10.1.2.3 -> 10.1.2.6 SMB Tree Connect AndX Response 2.689350 10.1.2.6 -> 10.1.2.3 SMB NT Create AndX Request, Path: \lsarpc 2.689839 10.1.2.3 -> 10.1.2.6 SMB NT Create AndX Response, FID: 0x8002 2.691166 10.1.2.6 -> 10.1.2.3 DCERPC Bind: call_id: 1 LSARPC V0.0 2.691727 10.1.2.3 -> 10.1.2.6 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 2.693089 10.1.2.6 -> 10.1.2.3 LSARPC lsa_OpenPolicy2 request 2.693763 10.1.2.3 -> 10.1.2.6 SMB Write AndX Response, FID: 0x8002, 80 bytes 2.693940 10.1.2.6 -> 10.1.2.3 SMB Read AndX Request, FID: 0x8002, 8192 bytes at offset 0 2.694325 10.1.2.3 -> 10.1.2.6 LSARPC lsa_OpenPolicy2 response 2.695219 10.1.2.6 -> 10.1.2.3 LSARPC lsa_QueryInfoPolicy2 request 2.695662 10.1.2.3 -> 10.1.2.6 SMB Write AndX Response, FID: 0x8002, 46 bytes 2.696003 10.1.2.6 -> 10.1.2.3 SMB Read AndX Request, FID: 0x8002, 8192 bytes at offset 0 2.696317 10.1.2.3 -> 10.1.2.6 LSARPC lsa_QueryInfoPolicy2 response 2.698559 10.1.2.6 -> 10.1.2.3 LSARPC lsa_QueryInfoPolicy request 2.699511 10.1.2.3 -> 10.1.2.6 SMB Write AndX Response, FID: 0x8002, 46 bytes 2.700825 10.1.2.6 -> 10.1.2.3 SMB Read AndX Request, FID: 0x8002, 8192 bytes at offset 0 2.704320 10.1.2.3 -> 10.1.2.6 LSARPC lsa_QueryInfoPolicy response 2.706097 10.1.2.6 -> 10.1.2.3 SMB NT Create AndX Request, Path: \samr 2.706753 10.1.2.3 -> 10.1.2.6 SMB NT Create AndX Response, FID: 0x8003 2.709749 10.1.2.6 -> 10.1.2.3 DCERPC Bind: call_id: 1 SAMR V1.0 2.710295 10.1.2.3 -> 10.1.2.6 DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 2.713595 10.1.2.6 -> 10.1.2.3 SAMR Connect request 2.714361 10.1.2.3 -> 10.1.2.6 SAMR Connect response 2.717872 10.1.2.6 -> 10.1.2.3 SAMR OpenDomain request 2.718690 10.1.2.3 -> 10.1.2.6 SAMR OpenDomain response 2.722013 10.1.2.6 -> 10.1.2.3 SAMR CreateUser2 request, DEV-TEADC1$ 2.723326 10.1.2.3 -> 10.1.2.6 SAMR CreateUser2 response, STATUS_USER_EXISTS, Error: STATUS_USER_EXISTS 2.727484 10.1.2.6 -> 10.1.2.3 SAMR LookupNames request 2.728565 10.1.2.3 -> 10.1.2.6 SAMR LookupNames response 2.730907 10.1.2.6 -> 10.1.2.3 SAMR OpenUser request 2.731728 10.1.2.3 -> 10.1.2.6 SAMR OpenUser response 2.734575 10.1.2.6 -> 10.1.2.3 SAMR QueryUserInfo request 2.735233 10.1.2.3 -> 10.1.2.6 SAMR QueryUserInfo response 2.736660 10.1.2.6 -> 10.1.2.3 SAMR GetUserPwInfo request 2.738621 10.1.2.3 -> 10.1.2.6 SAMR GetUserPwInfo response 2.741657 10.1.2.6 -> 10.1.2.3 SAMR SetUserInfo2 request 2.747826 10.1.2.3 -> 10.1.2.6 SAMR SetUserInfo2 response 2.761313 10.1.2.6 -> 10.1.2.3 TCP 55048 > epmap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=11042901 TSER=0 WS=4 2.761693 10.1.2.3 -> 10.1.2.6 TCP epmap > 55048 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0 TSV=0 TSER=0 2.761732 10.1.2.6 -> 10.1.2.3 TCP 55048 > epmap [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=11042902 TSER=0 2.762877 10.1.2.6 -> 10.1.2.3 DCERPC Bind: call_id: 1 EPMv4 V3.0 2.764119 10.1.2.3 -> 10.1.2.6 DCERPC Bind_ack: call_id: 1 accept max_xmit: 5840 max_recv: 5840 2.764188 10.1.2.6 -> 10.1.2.3 TCP 55048 > epmap [ACK] Seq=73 Ack=61 Win=5840 Len=0 TSV=11042904 TSER=98230 2.765063 10.1.2.6 -> 10.1.2.3 EPM Map request 2.765528 10.1.2.3 -> 10.1.2.6 EPM Map response 2.765882 10.1.2.6 -> 10.1.2.3 TCP 55048 > epmap [FIN, ACK] Seq=229 Ack=213 Win=6912 Len=0 TSV=11042906 TSER=98230 2.766201 10.1.2.3 -> 10.1.2.6 TCP epmap > 55048 [ACK] Seq=213 Ack=230 Win=64012 Len=0 TSV=98230 TSER=11042906 2.766221 10.1.2.3 -> 10.1.2.6 TCP epmap > 55048 [FIN, ACK] Seq=213 Ack=230 Win=64012 Len=0 TSV=98230 TSER=11042906 2.766598 10.1.2.6 -> 10.1.2.3 TCP 55048 > epmap [ACK] Seq=230 Ack=214 Win=6912 Len=0 TSV=11042907 TSER=98230 2.770840 10.1.2.6 -> 10.1.2.3 TCP 36797 > cap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=11042911 TSER=0 WS=4 2.771535 10.1.2.3 -> 10.1.2.6 TCP cap > 36797 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0 TSV=0 TSER=0 2.771586 10.1.2.6 -> 10.1.2.3 TCP 36797 > cap [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=11042912 TSER=0 2.779082 10.1.2.6 -> 10.1.2.3 DCERPC Bind: call_id: 1 DRSUAPI V4.0, NTLMSSP_NEGOTIATE 2.780424 10.1.2.3 -> 10.1.2.6 DCERPC Bind_ack: call_id: 1, NTLMSSP_CHALLENGE, NTLMSSP_CHALLENGE accept max_xmit: 5840 max_recv: 5840 2.780487 10.1.2.6 -> 10.1.2.3 TCP 36797 > cap [ACK] Seq=166 Ack=528 Win=6912 Len=0 TSV=11042921 TSER=98230 2.785070 10.1.2.6 -> 10.1.2.3 DCERPC Alter_context: call_id: 1 DRSUAPI V4.0, NTLMSSP_AUTH, User: WORKGROUP\administrator 2.786899 10.1.2.3 -> 10.1.2.6 DCERPC Alter_context_resp: call_id: 1 accept max_xmit: 5840 max_recv: 5840 2.787478 10.1.2.6 -> 10.1.2.3 TCP 53050 > microsoft-ds [ACK] Seq=3932 Ack=3011 Win=13872 Len=0 TSV=11042928 TSER=98230 2.788200 10.1.2.6 -> 10.1.2.3 DRSUAPI DsBind request 2.788641 10.1.2.3 -> 10.1.2.6 DRSUAPI DsBind response 2.789170 10.1.2.6 -> 10.1.2.3 DRSUAPI DsCrackNames request 2.790196 10.1.2.3 -> 10.1.2.6 DRSUAPI DsCrackNames response 2.798660 10.1.2.6 -> 10.1.2.1 DNS Standard query A TEDC2.winteal.tundraeng.com 2.799857 10.1.2.1 -> 10.1.2.6 DNS Standard query response A 10.1.2.3 2.802554 10.1.2.6 -> 10.1.2.3 TCP 49660 > ldap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=11042942 TSER=0 WS=4 2.802880 10.1.2.3 -> 10.1.2.6 TCP ldap > 49660 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0 TSV=0 TSER=0 2.803018 10.1.2.6 -> 10.1.2.3 TCP 49660 > ldap [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=11042943 TSER=0 2.804140 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(1) "" baseObject 2.804532 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(1) "" | searchResDone(1) success 2.804570 10.1.2.6 -> 10.1.2.3 TCP 49660 > ldap [ACK] Seq=86 Ack=103 Win=5840 Len=0 TSV=11042945 TSER=98231 2.812042 10.1.2.6 -> 10.1.2.3 LDAP bindRequest(2) "" , NTLMSSP_NEGOTIATEsasl 2.813340 10.1.2.3 -> 10.1.2.6 LDAP bindResponse(2) saslBindInProgress , NTLMSSP_CHALLENGE, NTLMSSP_CHALLENGE 2.829346 10.1.2.6 -> 10.1.2.3 TCP 36797 > cap [ACK] Seq=754 Ack=985 Win=7984 Len=0 TSV=11042970 TSER=98230 2.833691 10.1.2.6 -> 10.1.2.3 LDAP bindRequest(3) "" , NTLMSSP_AUTH, User: WORKGROUP\administratorsasl 2.835207 10.1.2.3 -> 10.1.2.6 LDAP bindResponse(3) success 2.837904 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(4) "" baseObject 2.838822 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(4) "" | searchResDone(4) success 2.840164 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(5) "CN=DEV-TEADC1,CN=Computers,DC=winteal,DC=tundraeng,DC=com" baseObject 2.841519 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(5) "CN=DEV-TEADC1,CN=Computers,DC=winteal,DC=tundraeng,DC=com" | searchResDone(5) success 2.843098 10.1.2.6 -> 10.1.2.3 LDAP modifyRequest(6) "CN=DEV-TEADC1,CN=Computers,DC=winteal,DC=tundraeng,DC=com" 2.845485 10.1.2.3 -> 10.1.2.6 LDAP modifyResponse(6) success 2.847757 10.1.2.6 -> 10.1.2.3 DRSUAPI DsCrackNames request 2.848351 10.1.2.3 -> 10.1.2.6 DRSUAPI DsCrackNames response 2.848482 10.1.2.6 -> 10.1.2.3 TCP 36797 > cap [ACK] Seq=898 Ack=1209 Win=9056 Len=0 TSV=11042989 TSER=98231 2.849090 10.1.2.6 -> 10.1.2.3 TCP 49660 > ldap [FIN, ACK] Seq=1154 Ack=1469 Win=9056 Len=0 TSV=11042989 TSER=98231 2.849425 10.1.2.3 -> 10.1.2.6 TCP ldap > 49660 [ACK] Seq=1469 Ack=1155 Win=63087 Len=0 TSV=98231 TSER=11042989 2.849471 10.1.2.3 -> 10.1.2.6 TCP ldap > 49660 [FIN, ACK] Seq=1469 Ack=1155 Win=63087 Len=0 TSV=98231 TSER=11042989 2.849822 10.1.2.6 -> 10.1.2.3 TCP 49660 > ldap [ACK] Seq=1155 Ack=1470 Win=9056 Len=0 TSV=11042990 TSER=98231 2.850134 10.1.2.6 -> 10.1.2.3 TCP 36797 > cap [FIN, ACK] Seq=898 Ack=1209 Win=9056 Len=0 TSV=11042990 TSER=98231 2.850327 10.1.2.3 -> 10.1.2.6 TCP cap > 36797 [ACK] Seq=1209 Ack=899 Win=63343 Len=0 TSV=98231 TSER=11042990 2.850348 10.1.2.3 -> 10.1.2.6 TCP cap > 36797 [FIN, ACK] Seq=1209 Ack=899 Win=63343 Len=0 TSV=98231 TSER=11042990 2.850685 10.1.2.6 -> 10.1.2.3 TCP 36797 > cap [ACK] Seq=899 Ack=1210 Win=9056 Len=0 TSV=11042991 TSER=98231 2.851980 10.1.2.6 -> 10.1.2.3 CLDAP searchRequest(24493) "" baseObject 2.852410 10.1.2.3 -> 10.1.2.6 CLDAP searchResEntry(24493) "" searchResDone(24493) success 2.860657 10.1.2.6 -> 10.1.2.1 DNS Standard query A tedc2.winteal.tundraeng.com 2.861862 10.1.2.1 -> 10.1.2.6 DNS Standard query response A 10.1.2.3 2.864437 10.1.2.6 -> 10.1.2.3 TCP 49661 > ldap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=11043004 TSER=0 WS=4 2.864761 10.1.2.3 -> 10.1.2.6 TCP ldap > 49661 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0 TSV=0 TSER=0 2.864894 10.1.2.6 -> 10.1.2.3 TCP 49661 > ldap [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=11043005 TSER=0 2.865619 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(1) "" baseObject 2.865973 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(1) "" | searchResDone(1) success 2.866014 10.1.2.6 -> 10.1.2.3 TCP 49661 > ldap [ACK] Seq=86 Ack=103 Win=5840 Len=0 TSV=11043006 TSER=98231 2.873035 10.1.2.6 -> 10.1.2.3 LDAP bindRequest(2) "" , NTLMSSP_NEGOTIATEsasl 2.874766 10.1.2.3 -> 10.1.2.6 LDAP bindResponse(2) saslBindInProgress , NTLMSSP_CHALLENGE, NTLMSSP_CHALLENGE 2.892844 10.1.2.6 -> 10.1.2.3 LDAP bindRequest(3) "" , NTLMSSP_AUTH, User: WORKGROUP\administratorsasl 2.894397 10.1.2.3 -> 10.1.2.6 LDAP bindResponse(3) success 2.897340 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(4) "" baseObject 2.897829 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(4) "" | searchResDone(4) success 2.899672 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(5) "" baseObject 2.900331 10.1.2.3 -> 10.1.2.6 TCP [TCP segment of a reassembled PDU] 2.900361 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(5) "" 2.900620 10.1.2.6 -> 10.1.2.3 TCP 49661 > ldap [ACK] Seq=614 Ack=3028 Win=13776 Len=0 TSV=11043041 TSER=98231 2.901377 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(6) "CN=Configuration,DC=winteal,DC=tundraeng,DC=com" singleLevel 2.902284 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(6) "CN=Partitions,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" | searchResRef(6) | searchResDone(6) success 2.902844 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(7) "DC=winteal,DC=tundraeng,DC=com" baseObject 2.903202 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(7) "DC=winteal,DC=tundraeng,DC=com" | searchResDone(7) success 2.903617 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(8) "CN=Schema,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" baseObject 2.904063 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(8) "CN=Schema,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" | searchResDone(8) success 2.904449 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(9) "CN=Windows2003Update,CN=DomainUpdates,CN=System,DC=winteal,DC=tundraeng,DC=com" baseObject 2.904879 10.1.2.3 -> 10.1.2.6 LDAP searchResDone(9) noSuchObject (0000208D: NameErr: DSID-031001BD, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=System,DC=winteal,DC=tundraeng,DC=com' ) 2.905424 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(10) "" baseObject 2.906116 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(10) "CN=Infrastructure,DC=winteal,DC=tundraeng,DC=com" | searchResDone(10) success 2.906614 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(11) "CN=Infrastructure,DC=winteal,DC=tundraeng,DC=com" baseObject 2.906982 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(11) "CN=Infrastructure,DC=winteal,DC=tundraeng,DC=com" | searchResDone(11) success 2.907434 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(12) "CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" baseObject 2.907807 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(12) "CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" | searchResDone(12) success 2.908122 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(13) "CN=NTDS Settings,CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" baseObject 2.908571 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(13) "CN=NTDS Settings,CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" | searchResDone(13) success 2.908906 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(14) "DC=winteal,DC=tundraeng,DC=com" baseObject 2.909822 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(14) "DC=winteal,DC=tundraeng,DC=com" | searchResDone(14) success 2.910209 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(15) "CN=RID Manager$,CN=System,DC=winteal,DC=tundraeng,DC=com" baseObject 2.910694 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(15) "CN=RID Manager$,CN=System,DC=winteal,DC=tundraeng,DC=com" | searchResDone(15) success 2.911049 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(16) "CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" baseObject 2.911434 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(16) "CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" | searchResDone(16) success 2.911756 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(17) "CN=NTDS Settings,CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" baseObject 2.912154 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(17) "CN=NTDS Settings,CN=TEDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" | searchResDone(17) success 2.912505 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(18) "CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" baseObject 2.913057 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(18) "CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" | searchResDone(18) success 2.919565 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(19) "DC=winteal,DC=tundraeng,DC=com" wholeSubtree 2.921250 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(19) "CN=DEV-TEADC1,CN=Computers,DC=winteal,DC=tundraeng,DC=com" | searchResRef(19) | searchResDone(19) success 2.921893 10.1.2.6 -> 10.1.2.3 LDAP searchRequest(20) "CN=DEV-TEADC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" baseObject 2.922754 10.1.2.3 -> 10.1.2.6 LDAP searchResEntry(20) "CN=DEV-TEADC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" | searchResDone(20) success 2.924068 10.1.2.6 -> 10.1.2.3 LDAP modifyRequest(21) "CN=DEV-TEADC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" 2.925521 10.1.2.3 -> 10.1.2.6 LDAP modifyResponse(21) attributeOrValueExists (00002083: AtrErr: DSID-03150A39, #1: 0: 00002083: DSID-03150A39, problem 1006 (ATT_OR_VALUE_EXISTS), data 0, Att 90203 (serverReference):len 172 ) 2.927177 10.1.2.6 -> 10.1.2.3 LDAP modifyRequest(22) "CN=DEV-TEADC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com" 2.929416 10.1.2.3 -> 10.1.2.6 LDAP modifyResponse(22) success 2.938991 10.1.2.6 -> 10.1.2.1 DNS Standard query A tedc2.winteal.tundraeng.com 2.940355 10.1.2.1 -> 10.1.2.6 DNS Standard query response A 10.1.2.3 2.942924 10.1.2.6 -> 10.1.2.3 TCP 55052 > epmap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=11043083 TSER=0 WS=4 2.943294 10.1.2.3 -> 10.1.2.6 TCP epmap > 55052 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0 TSV=0 TSER=0 2.943430 10.1.2.6 -> 10.1.2.3 TCP 55052 > epmap [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=11043084 TSER=0 2.944335 10.1.2.6 -> 10.1.2.3 DCERPC Bind: call_id: 1 EPMv4 V3.0 2.944709 10.1.2.3 -> 10.1.2.6 DCERPC Bind_ack: call_id: 1 accept max_xmit: 5840 max_recv: 5840 2.944752 10.1.2.6 -> 10.1.2.3 TCP 55052 > epmap [ACK] Seq=73 Ack=61 Win=5840 Len=0 TSV=11043085 TSER=98232 2.945539 10.1.2.6 -> 10.1.2.3 EPM Map request 2.945887 10.1.2.3 -> 10.1.2.6 EPM Map response 2.946201 10.1.2.6 -> 10.1.2.3 TCP 55052 > epmap [FIN, ACK] Seq=229 Ack=213 Win=6912 Len=0 TSV=11043086 TSER=98232 2.946379 10.1.2.3 -> 10.1.2.6 TCP epmap > 55052 [ACK] Seq=213 Ack=230 Win=64012 Len=0 TSV=98232 TSER=11043086 2.946425 10.1.2.3 -> 10.1.2.6 TCP epmap > 55052 [FIN, ACK] Seq=213 Ack=230 Win=64012 Len=0 TSV=98232 TSER=11043086 2.946774 10.1.2.6 -> 10.1.2.3 TCP 55052 > epmap [ACK] Seq=230 Ack=214 Win=6912 Len=0 TSV=11043087 TSER=98232 2.955627 10.1.2.6 -> 10.1.2.1 DNS Standard query A tedc2.winteal.tundraeng.com 2.957329 10.1.2.1 -> 10.1.2.6 DNS Standard query response A 10.1.2.3 2.960004 10.1.2.6 -> 10.1.2.3 TCP 36801 > cap [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=11043100 TSER=0 WS=4 2.960373 10.1.2.3 -> 10.1.2.6 TCP cap > 36801 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0 TSV=0 TSER=0 2.960504 10.1.2.6 -> 10.1.2.3 TCP 36801 > cap [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=11043101 TSER=0 2.967628 10.1.2.6 -> 10.1.2.3 TCP 36801 > cap [FIN, ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=11043108 TSER=0 2.968199 10.1.2.6 -> 10.1.2.3 TCP 49661 > ldap [FIN, ACK] Seq=3066 Ack=8161 Win=57216 Len=0 TSV=11043108 TSER=98232 2.968634 10.1.2.3 -> 10.1.2.6 TCP cap > 36801 [ACK] Seq=1 Ack=2 Win=64240 Len=0 TSV=98232 TSER=11043108 2.968694 10.1.2.3 -> 10.1.2.6 TCP ldap > 49661 [ACK] Seq=8161 Ack=3067 Win=64240 Len=0 TSV=98232 TSER=11043108 2.968716 10.1.2.3 -> 10.1.2.6 TCP cap > 36801 [FIN, ACK] Seq=1 Ack=2 Win=64240 Len=0 TSV=98232 TSER=11043108 2.968742 10.1.2.6 -> 10.1.2.3 TCP 36801 > cap [ACK] Seq=2 Ack=2 Win=5840 Len=0 TSV=11043109 TSER=98232 2.968827 10.1.2.3 -> 10.1.2.6 TCP ldap > 49661 [FIN, ACK] Seq=8161 Ack=3067 Win=64240 Len=0 TSV=98232 TSER=11043108 2.968851 10.1.2.6 -> 10.1.2.3 TCP 49661 > ldap [ACK] Seq=3067 Ack=8162 Win=57216 Len=0 TSV=11043109 TSER=98232 2.981045 10.1.2.6 -> 10.1.2.3 TCP 53050 > microsoft-ds [FIN, ACK] Seq=3932 Ack=3011 Win=13872 Len=0 TSV=11043121 TSER=98230 2.981411 10.1.2.3 -> 10.1.2.6 TCP microsoft-ds > 53050 [FIN, ACK] Seq=3011 Ack=3933 Win=63344 Len=0 TSV=98232 TSER=11043121 2.981529 10.1.2.6 -> 10.1.2.3 TCP 53050 > microsoft-ds [ACK] Seq=3933 Ack=3012 Win=13872 Len=0 TSV=11043122 TSER=98232