I was doing a capture from client's end and there were 43 packets in warnings marked with "Bind not acknowledged". Could somebody explain me what this is? Google didn't give me any help. Thanks. -Rakki asked 02 Apr '12, 23:31  rakki |
One Answer:
It means that (whether correctly or incorrectly) Wireshark thinks those packets are DCE RPC packets (at this point, Windows is probably the largest user of DCE RPC), and those are "negative acknowledgment" replies to a "bind" request. As the DCE RPC 1.1 specification says, "a remote procedure call requires a remote binding". The "bind" operation is the second of the two forms of binding-related operations. We'd have to see the full dissection of those packets to see what they mean in your capture; a bind_nak could mean a number of things. answered 04 Apr '12, 08:29  Guy Harris ♦♦ edited 04 Apr '12, 08:30 |
