This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

DCE RPC Question

0

I have a user who prints out of an application to a centralized server everyone uses and when he prints from his pc it's normal times. However, when printing out of the application its taking 40 seconds one time 1:15 another. When looking through my capture I see a delta of 59 seconds and a few packets above this the PC request something then 59 seconds later the server responds with nca_s_fault_cancel and when look this up online I don't understand what it's doing to be honest. If anyone could point me in the right direction I would appreciate it.

Thanks,

asked 14 Feb '17, 13:59

rock90's gravatar image

rock90
21111115
accept rate: 0%

Can you upload a trace file, please?

To analyze RPC we have to identify the transport protocol (plain TCP or SMB or SMB2). We also need a few details from the handshake.

Can you please upload a trace file that includes the begins (for plan TCP) with the TCP session on port 135 plus all following frames or with the SMB handshake.

Please be advised that the SMB/SMB2 handshake might include a password. Details depend on your individual configuration.

(15 Feb '17, 11:28) packethunter

Hello,

Have you ever found a solution for your question? We have the same captures on an RDS environment where we experience freezes when opening windows explorer or trying to print.

Thank you, Kind regards,

KrisV

(24 Oct '17, 05:50) krisv