Merge remote-tracking branch 'origin/topic/seth/dce_rpc_fixes'

* origin/topic/seth/dce_rpc_fixes:
  Fixes for DCE_RPC analyzer

testing/btest/Baseline/scripts.base.protocols.dce-rpc.mapi/dce_rpc.log

@@ -3,19 +3,19 @@
 #empty_field	(empty)
 #unset_field	-
 #path	dce_rpc
-#open	2016-08-08-20-13-23
+#open	2016-10-08-03-48-34
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	rtt	named_pipe	endpoint	operation
 #types	time	string	addr	port	addr	port	interval	string	string	string
-1056991898.891148	C4J4Th3PJpwUYZZ6gc	192.168.0.173	1066	192.168.0.2	135	0.000375	135	epmapper	ept_map
-1056991898.895146	CtPZjS20MLrsMUOJi2	192.168.0.173	1067	192.168.0.2	4997	0.000749	4997	nspi	NspiBind
-1056991898.902393	CUM0KZ3MLUfNB0cl11	192.168.0.173	1068	192.168.0.2	4997	0.026606	4997	nspi	NspiBind
-1056991898.931248	CmES5u32sYpV7JYN	192.168.0.173	1069	192.168.0.2	135	0.000500	135	epmapper	ept_lookup
-1056991899.586840	CP5puj4I8PtEU4qzYg	192.168.0.173	1072	192.168.0.2	135	0.000374	135	epmapper	ept_map
-1056991899.594336	C37jN32gN3y3AZzyf6	192.168.0.173	1073	192.168.0.2	1032	0.031980	1032	exchange_mapi	EcDoConnect
-1056991899.626566	C37jN32gN3y3AZzyf6	192.168.0.173	1073	192.168.0.2	1032	0.024359	1032	exchange_mapi	EcDoRpc
-1056991899.652798	C37jN32gN3y3AZzyf6	192.168.0.173	1073	192.168.0.2	1032	0.001374	1032	exchange_mapi	EcDoRpc
-1056991899.655922	C37jN32gN3y3AZzyf6	192.168.0.173	1073	192.168.0.2	1032	0.000999	1032	exchange_mapi	EcDoRpc
-1056991899.658670	C37jN32gN3y3AZzyf6	192.168.0.173	1073	192.168.0.2	1032	0.001624	1032	exchange_mapi	EcDoRpc
-1056991899.660794	C37jN32gN3y3AZzyf6	192.168.0.173	1073	192.168.0.2	1032	0.003998	1032	exchange_mapi	EcRRegisterPushNotification
-1056991899.707516	C37jN32gN3y3AZzyf6	192.168.0.173	1073	192.168.0.2	1032	0.003998	1032	exchange_mapi	EcRRegisterPushNotification
-#close	2016-08-08-20-13-23
+1056991898.891148	CmES5u32sYpV7JYN	192.168.0.173	1066	192.168.0.2	135	0.000375	135	epmapper	ept_map
+1056991898.895146	CP5puj4I8PtEU4qzYg	192.168.0.173	1067	192.168.0.2	4997	0.000749	4997	nspi	NspiBind
+1056991898.902393	C37jN32gN3y3AZzyf6	192.168.0.173	1068	192.168.0.2	4997	0.026606	4997	nspi	NspiBind
+1056991898.931248	C3eiCBGOLw3VtHfOj	192.168.0.173	1069	192.168.0.2	135	0.000500	135	epmapper	ept_lookup
+1056991899.586840	C0LAHyvtKSQHyJxIl	192.168.0.173	1072	192.168.0.2	135	0.000374	135	epmapper	ept_map
+1056991899.594336	CFLRIC3zaTU1loLGxh	192.168.0.173	1073	192.168.0.2	1032	0.031980	1032	exchange_mapi	EcDoConnect
+1056991899.626566	CFLRIC3zaTU1loLGxh	192.168.0.173	1073	192.168.0.2	1032	0.024359	1032	exchange_mapi	EcDoRpc
+1056991899.652798	CFLRIC3zaTU1loLGxh	192.168.0.173	1073	192.168.0.2	1032	0.001374	1032	exchange_mapi	EcDoRpc
+1056991899.655922	CFLRIC3zaTU1loLGxh	192.168.0.173	1073	192.168.0.2	1032	0.000999	1032	exchange_mapi	EcDoRpc
+1056991899.658670	CFLRIC3zaTU1loLGxh	192.168.0.173	1073	192.168.0.2	1032	0.001624	1032	exchange_mapi	EcDoRpc
+1056991899.660794	CFLRIC3zaTU1loLGxh	192.168.0.173	1073	192.168.0.2	1032	0.003998	1032	exchange_mapi	EcRRegisterPushNotification
+1056991899.707516	CFLRIC3zaTU1loLGxh	192.168.0.173	1073	192.168.0.2	1032	0.003998	1032	exchange_mapi	EcRRegisterPushNotification
+#close	2016-10-08-03-48-34

testing/btest/Baseline/scripts.base.protocols.dce-rpc.mapi/ntlm.log

@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ntlm
-#open	2016-08-08-20-13-23
+#open	2016-10-08-03-48-34
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	username	hostname	domainname	success	status
 #types	time	string	addr	port	addr	port	string	string	string	bool	string
-1056991898.902392	CUM0KZ3MLUfNB0cl11	192.168.0.173	1068	192.168.0.2	4997	ALeonard	ALEONARD-XP	CNAMIS	-	-
-1056991899.594334	C37jN32gN3y3AZzyf6	192.168.0.173	1073	192.168.0.2	1032	ALeonard	ALEONARD-XP	CNAMIS	-	-
-#close	2016-08-08-20-13-23
+1056991898.902392	C37jN32gN3y3AZzyf6	192.168.0.173	1068	192.168.0.2	4997	ALeonard	ALEONARD-XP	CNAMIS	-	-
+1056991899.594334	CFLRIC3zaTU1loLGxh	192.168.0.173	1073	192.168.0.2	1032	ALeonard	ALEONARD-XP	CNAMIS	-	-
+#close	2016-10-08-03-48-34