Wireshark • Display Filter Reference: Distributed Computing Environment / Remote Procedure Call (DCE/RPC)

Display Filter Reference: Distributed Computing Environment / Remote Procedure Call (DCE/RPC)

Protocol field name: dcerpc

Versions: 1.0.0 to 4.6.0

Field name	Description	Type	Versions
dcerpc.array.actual_count	Actual Count	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.array.buffer	Buffer	Byte sequence	1.0.0 to 1.10.14
dcerpc.array.max_count	Max Count	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.array.offset	Offset	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.auth_credentials	Auth Credentials	Byte sequence	2.0.0 to 4.6.0
dcerpc.auth_ctx_id	Auth Context ID	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.auth_info	Auth Info	Label	2.4.0 to 4.6.0
dcerpc.auth_level	Auth level	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.auth_pad_len	Auth pad len	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.auth_padding	Auth Padding	Byte sequence	2.0.0 to 4.6.0
dcerpc.auth_rsrvd	Auth Rsrvd	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.auth_type	Auth type	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.auth_verifier	Auth Verifier	Byte sequence	2.0.0 to 2.4.16
dcerpc.authentication_verifier	Authentication verifier	Byte sequence	2.0.0 to 4.6.0
dcerpc.bind_not_acknowledged	Bind not acknowledged	Label	1.12.0 to 4.6.0
dcerpc.cmd_client_ipv4	RTS Client address	IPv4 address	2.0.0 to 4.6.0
dcerpc.cmd_client_ipv6	RTS Client address	IPv6 address	2.0.0 to 4.6.0
dcerpc.cn_ack_btfn	Bind Time Feature Negotiation Bitmask	Unsigned integer (16 bits)	1.12.0 to 2.0.16
dcerpc.cn_ack_reason	Ack reason	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.cn_ack_result	Ack result	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.cn_ack_trans_id	Transfer Syntax	Globally Unique Identifier	1.0.0 to 4.6.0
dcerpc.cn_ack_trans_ver	Syntax ver	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.cn_alloc_hint	Alloc hint	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.cn_assoc_group	Assoc Group	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.cn_auth_len	Auth Length	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.cn_bind_abstract_syntax	Abstract Syntax	Label	1.0.0 to 4.6.0
dcerpc.cn_bind_if_ver	Interface Ver	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.cn_bind_if_ver_minor	Interface Ver Minor	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.cn_bind_to_uuid	Interface UUID	Globally Unique Identifier	1.0.0 to 4.6.0
dcerpc.cn_bind_trans	Transfer Syntax	Label	1.0.0 to 4.6.0
dcerpc.cn_bind_trans_btfn	Bind Time Features	Unsigned integer (16 bits)	2.2.0 to 4.6.0
dcerpc.cn_bind_trans_btfn.01	Security Context Multiplexing Supported	Boolean	1.12.0 to 4.6.0
dcerpc.cn_bind_trans_btfn.02	Keep Connection On Orphan Supported	Boolean	1.12.0 to 4.6.0
dcerpc.cn_bind_trans_id	ID	Globally Unique Identifier	1.0.0 to 4.6.0
dcerpc.cn_bind_trans_ver	ver	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.cn_call_id	Call ID	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.cn_cancel_count	Cancel count	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.cn_ctx_id	Context ID	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.cn_ctx_id.no_bind	No bind info for interface Context ID	Label	1.12.0 to 4.6.0
dcerpc.cn_ctx_item	Ctx Item	Label	1.0.0 to 4.6.0
dcerpc.cn_deseg_req	Desegmentation Required	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.cn_fault_flags	Fault flags	Unsigned integer (8 bits)	2.6.0 to 4.6.0
dcerpc.cn_fault_flags.extended_error	Extended error information present	Boolean	2.6.0 to 4.6.0
dcerpc.cn_flags	Packet Flags	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.cn_flags.cancel_pending	Cancel Pending	Boolean	1.0.0 to 4.6.0
dcerpc.cn_flags.dne	Did Not Execute	Boolean	1.0.0 to 4.6.0
dcerpc.cn_flags.first_frag	First Frag	Boolean	1.0.0 to 4.6.0
dcerpc.cn_flags.last_frag	Last Frag	Boolean	1.0.0 to 4.6.0
dcerpc.cn_flags.maybe	Maybe	Boolean	1.0.0 to 4.6.0
dcerpc.cn_flags.mpx	Multiplex	Boolean	1.0.0 to 4.6.0
dcerpc.cn_flags.object	Object	Boolean	1.0.0 to 4.6.0
dcerpc.cn_flags.reserved	Reserved	Boolean	1.0.0 to 4.6.0
dcerpc.cn_frag_len	Frag Length	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.cn_max_recv	Max Recv Frag	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.cn_max_xmit	Max Xmit Frag	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.cn_num_ctx_items	Num Ctx Items	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.cn_num_protocols	Number of protocols	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.cn_num_results	Num results	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.cn_num_trans_items	Num Trans Items	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.cn_protocol_ver_major	Protocol major version	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.cn_protocol_ver_minor	Protocol minor version	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.cn_reject_reason	Reject reason	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.cn_rts.flags.ping	Ping	Boolean	1.6.0 to 4.6.0
dcerpc.cn_rts_command	RTS Command	Unsigned integer (32 bits)	1.8.0 to 4.6.0
dcerpc.cn_rts_command.addrtype	Address Type	Unsigned integer (32 bits)	1.8.0 to 4.6.0
dcerpc.cn_rts_command.associationgroupid	Association Group ID	Globally Unique Identifier	1.8.0 to 4.6.0
dcerpc.cn_rts_command.channellifetime	Channel Lifetime	Unsigned integer (32 bits)	1.8.0 to 4.6.0
dcerpc.cn_rts_command.clientkeepalive	Client Keepalive	Unsigned integer (32 bits)	1.8.0 to 4.6.0
dcerpc.cn_rts_command.connectiontimeout	Connection Timeout	Unsigned integer (32 bits)	1.8.0 to 4.6.0
dcerpc.cn_rts_command.cookie	Cookie	Globally Unique Identifier	1.8.0 to 4.6.0
dcerpc.cn_rts_command.fack.availablewindow	Available Window	Unsigned integer (32 bits)	1.8.0 to 4.6.0
dcerpc.cn_rts_command.fack.bytesreceived	Bytes Received	Unsigned integer (32 bits)	1.8.0 to 4.6.0
dcerpc.cn_rts_command.fack.channelcookie	Channel Cookie	Globally Unique Identifier	1.8.0 to 4.6.0
dcerpc.cn_rts_command.forwarddestination	Forward Destination	Unsigned integer (32 bits)	1.8.0 to 4.6.0
dcerpc.cn_rts_command.padding.conformancecount	Conformance Count	Unsigned integer (32 bits)	1.8.0 to 4.6.0
dcerpc.cn_rts_command.padding.padding	Padding	Byte sequence	1.8.0 to 4.6.0
dcerpc.cn_rts_command.pingtrafficsentnotify	Ping Traffic Sent Notify	Unsigned integer (32 bits)	1.8.0 to 4.6.0
dcerpc.cn_rts_command.receivewindowsize	Receive Window Size	Unsigned integer (32 bits)	1.8.0 to 4.6.0
dcerpc.cn_rts_command.unknown	unknown RTS command number	Label	2.0.0 to 4.6.0
dcerpc.cn_rts_command.version	Version	Unsigned integer (32 bits)	1.8.0 to 4.6.0
dcerpc.cn_rts_commands_nb	RTS Number of Commands	Unsigned integer (16 bits)	1.6.0 to 4.6.0
dcerpc.cn_rts_flags	RTS Flags	Unsigned integer (16 bits)	1.6.0 to 4.6.0
dcerpc.cn_rts_flags.echo	Echo	Boolean	1.6.0 to 1.6.16
dcerpc.cn_rts_flags.eof	EOF	Boolean	1.6.0 to 4.6.0
dcerpc.cn_rts_flags.in_channel	In Channel	Boolean	1.6.0 to 4.6.0
dcerpc.cn_rts_flags.none	None	Boolean	1.6.0 to 2.0.7, 2.2.0 to 2.2.1
dcerpc.cn_rts_flags.other_cmd	Other Cmd	Boolean	1.6.0 to 4.6.0
dcerpc.cn_rts_flags.out_channel	Out Channel	Boolean	1.6.0 to 4.6.0
dcerpc.cn_rts_flags.recycle_channel	Recycle Channel	Boolean	1.6.0 to 4.6.0
dcerpc.cn_sec_addr	Scndry Addr	Character string	1.0.0 to 4.6.0
dcerpc.cn_sec_addr_len	Scndry Addr len	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.cn_status	Status	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.cn_status.expert	Fault	Label	1.12.0 to 4.6.0
dcerpc.context_change	Context change: %s	Label	1.12.0 to 2.4.16
dcerpc.decrypted_stub_data	Decrypted stub data	Byte sequence	2.0.0 to 4.6.0
dcerpc.dg_act_id	Activity	Globally Unique Identifier	1.0.0 to 4.6.0
dcerpc.dg_ahint	Activity Hint	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.dg_auth_proto	Auth proto	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.dg_cancel_id	Cancel ID	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.dg_cancel_vers	Cancel Version	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.dg_flags1	Flags1	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.dg_flags1_broadcast	Broadcast	Boolean	1.0.0 to 4.6.0
dcerpc.dg_flags1_frag	Fragment	Boolean	1.0.0 to 4.6.0
dcerpc.dg_flags1_idempotent	Idempotent	Boolean	1.0.0 to 4.6.0
dcerpc.dg_flags1_last_frag	Last Fragment	Boolean	1.0.0 to 4.6.0
dcerpc.dg_flags1_maybe	Maybe	Boolean	1.0.0 to 4.6.0
dcerpc.dg_flags1_nofack	No Fack	Boolean	1.0.0 to 4.6.0
dcerpc.dg_flags1_rsrvd_01	Reserved for implementation	Boolean	1.0.0 to 4.6.0
dcerpc.dg_flags1_rsrvd_80	Reserved for implementation	Boolean	1.0.0 to 4.6.0
dcerpc.dg_flags2	Flags2	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.dg_flags2_cancel_pending	Cancel Pending	Boolean	1.0.0 to 4.6.0
dcerpc.dg_flags2_rsrvd_01	Reserved for implementation	Boolean	1.0.0 to 4.6.0
dcerpc.dg_flags2_rsrvd_04	Reserved for future use (MBZ)	Boolean	1.0.0 to 4.6.0
dcerpc.dg_flags2_rsrvd_08	Reserved for future use (MBZ)	Boolean	1.0.0 to 4.6.0
dcerpc.dg_flags2_rsrvd_10	Reserved for future use (MBZ)	Boolean	1.0.0 to 4.6.0
dcerpc.dg_flags2_rsrvd_20	Reserved for future use (MBZ)	Boolean	1.0.0 to 4.6.0
dcerpc.dg_flags2_rsrvd_40	Reserved for future use (MBZ)	Boolean	1.0.0 to 4.6.0
dcerpc.dg_flags2_rsrvd_80	Reserved for future use (MBZ)	Boolean	1.0.0 to 4.6.0
dcerpc.dg_frag_len	Fragment len	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.dg_frag_num	Fragment num	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.dg_if_id	Interface	Globally Unique Identifier	1.0.0 to 4.6.0
dcerpc.dg_if_ver	Interface Ver	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.dg_ihint	Interface Hint	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.dg_seqnum	Sequence num	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.dg_serial_hi	Serial High	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.dg_serial_lo	Serial Low	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.dg_server_boot	Server boot time	Date and time	1.0.0 to 4.6.0
dcerpc.dg_status	Status	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.drep	Data Representation	Byte sequence	1.0.0 to 4.6.0
dcerpc.drep.byteorder	Byte order	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.drep.character	Character	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.drep.fp	Floating-point	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.duplicate_ptr	duplicate PTR	Character string	2.0.0 to 4.6.0
dcerpc.encrypted_stub_data	Encrypted stub data	Byte sequence	2.0.0 to 4.6.0
dcerpc.fack_max_frag_size	Max Frag Size	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.fack_max_tsdu	Max TSDU	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.fack_selack	Selective ACK	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.fack_selack_len	Selective ACK Len	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.fack_serial_num	Serial Num	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.fack_vers	FACK Version	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.fack_window_size	Window Size	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.fault_stub_data	Fault stub data	Byte sequence	2.0.0 to 4.6.0
dcerpc.fragment	DCE/RPC Fragment	Frame number	1.0.0 to 4.6.0
dcerpc.fragment.count	Fragment count	Unsigned integer (32 bits)	1.6.0 to 4.6.0
dcerpc.fragment.error	Defragmentation error	Frame number	1.0.0 to 4.6.0
dcerpc.fragment.multipletails	Multiple tail fragments found	Boolean	1.0.0 to 4.6.0
dcerpc.fragment.overlap	Fragment overlap	Boolean	1.0.0 to 4.6.0
dcerpc.fragment.overlap.conflict	Conflicting data in fragment overlap	Boolean	1.0.0 to 4.6.0
dcerpc.fragment.reassemble	Fragment	Label	2.2.0 to 4.6.0
dcerpc.fragment.toolongfragment	Fragment too long	Boolean	1.0.0 to 4.6.0
dcerpc.fragment_data	Fragment data	Byte sequence	2.0.0 to 4.6.0
dcerpc.fragment_multiple	Multiple DCE/RPC fragments/PDU's in one packet	Label	1.12.0 to 4.6.0
dcerpc.fragment_reassembled	Fragment, reassembled	Label	1.12.0 to 4.6.0
dcerpc.fragments	Reassembled DCE/RPC Fragments	Label	1.0.0 to 4.6.0
dcerpc.invalid_pdu_authentication_attempt	Invalid authentication attempt	Label	2.0.0 to 4.6.0
dcerpc.krb5_av.auth_verifier	Authentication Verifier	Byte sequence	1.0.0 to 4.6.0
dcerpc.krb5_av.key_vers_num	Key Version Number	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.krb5_av.prot_level	Protection Level	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.long_frame	Long frame	Label	2.0.0 to 4.6.0
dcerpc.lsa_String.name_len	Name Len	Unsigned integer (16 bits)	1.4.0 to 4.6.0
dcerpc.lsa_String.name_size	Name Size	Unsigned integer (16 bits)	1.4.0 to 4.6.0
dcerpc.missalign	missalign	Byte sequence	2.2.0 to 4.6.0
dcerpc.ndr_padding	NDR-Padding	Byte sequence	2.0.0 to 4.6.0
dcerpc.no_request_found	No request to this DCE/RPC call found	Label	1.12.0 to 4.6.0
dcerpc.not_implemented	dissection not implemented	Label	3.2.0 to 4.6.0
dcerpc.nt.acb.autolock	Account is autolocked	Boolean	1.0.0 to 4.6.0
dcerpc.nt.acb.disabled	Account disabled	Boolean	1.0.0 to 4.6.0
dcerpc.nt.acb.domtrust	Interdomain trust account	Boolean	1.0.0 to 4.6.0
dcerpc.nt.acb.homedirreq	Home dir required	Boolean	1.0.0 to 4.6.0
dcerpc.nt.acb.mns	MNS logon user account	Boolean	1.0.0 to 4.6.0
dcerpc.nt.acb.normal	Normal user account	Boolean	1.0.0 to 4.6.0
dcerpc.nt.acb.pwnoexp	Password expires	Boolean	1.0.0 to 4.6.0
dcerpc.nt.acb.pwnotreq	Password required	Boolean	1.0.0 to 4.6.0
dcerpc.nt.acb.svrtrust	Server trust account	Boolean	1.0.0 to 4.6.0
dcerpc.nt.acb.tempdup	Temporary duplicate account	Boolean	1.0.0 to 4.6.0
dcerpc.nt.acb.wstrust	Workstation trust account	Boolean	1.0.0 to 4.6.0
dcerpc.nt.acct_ctrl	Acct Ctrl	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.nt.attr	Attributes	Unsigned integer (32 bits)	1.0.0 to 4.2.14
dcerpc.nt.badsid	Association rejected	Label	1.12.0 to 4.6.0
dcerpc.nt.blob.data	Blob data	Byte sequence	2.0.0 to 4.6.0
dcerpc.nt.blob.size	Blob size	Unsigned integer (32 bits)	1.8.0 to 4.6.0
dcerpc.nt.close_frame	Frame handle closed	Frame number	1.0.0 to 4.6.0
dcerpc.nt.count	Count	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.nt.domain_sid	Domain SID	Character string	1.0.0 to 4.6.0
dcerpc.nt.groups.attrs	Group Attributes	Unsigned integer (32 bits)	4.4.0 to 4.6.0
dcerpc.nt.groups.attrs.enabled	Enabled	Boolean	4.4.0 to 4.6.0
dcerpc.nt.groups.attrs.enabled_by_default	Enabled By Default	Boolean	4.4.0 to 4.6.0
dcerpc.nt.groups.attrs.mandatory	Mandatory	Boolean	4.4.0 to 4.6.0
dcerpc.nt.groups.attrs.owner	Owner	Boolean	4.4.0 to 4.6.0
dcerpc.nt.groups.attrs.resource_group	Resource Group	Boolean	4.4.0 to 4.6.0
dcerpc.nt.guid	GUID	Globally Unique Identifier	1.0.0 to 4.6.0
dcerpc.nt.logonhours.divisions	Divisions	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.nt.open_frame	Frame handle opened	Frame number	1.0.0 to 4.6.0
dcerpc.nt.sting_error	Wrong string type	Character string	1.8.0 to 4.6.0
dcerpc.nt.str.len	Length	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.nt.str.size	Size	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.nt.unknown.char	Unknown char	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.null_pointer	NULL Pointer	Byte sequence	2.0.0 to 4.6.0
dcerpc.obj_id	Object	Globally Unique Identifier	1.0.0 to 4.6.0
dcerpc.op	Operation	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.opnum	Opnum	Unsigned integer (16 bits)	1.0.0 to 4.6.0
dcerpc.payload_stub_data	Payload stub data	Label	2.2.0 to 4.6.0
dcerpc.pkt_type	Packet type	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.reassembled.length	Reassembled DCE/RPC length	Unsigned integer (32 bits)	1.4.0 to 4.6.0
dcerpc.reassembled_in	Reassembled PDU in frame	Frame number	1.0.0 to 4.6.0
dcerpc.referent_id	Referent ID	Unsigned integer (32 bits)	1.0.0 to 4.6.0
dcerpc.referent_id64	Referent ID	Unsigned integer (64 bits)	2.2.0 to 4.6.0
dcerpc.request_in	Request in frame	Frame number	1.0.0 to 4.6.0
dcerpc.reserved	Reserved	Byte sequence	2.2.0 to 4.6.0
dcerpc.response_in	Response in frame	Frame number	1.0.0 to 4.6.0
dcerpc.rpc_sec_vt.bitmask	rpc_sec_vt_bitmask	Unsigned integer (32 bits)	2.2.0 to 4.6.0
dcerpc.rpc_sec_vt.bitmask.sign	CLIENT_SUPPORT_HEADER_SIGNING	Boolean	2.2.0 to 4.6.0
dcerpc.rpc_sec_vt.command	Command	Unsigned integer (16 bits)	2.2.0 to 4.6.0
dcerpc.rpc_sec_vt.command.cmd	Cmd	Unsigned integer (16 bits)	2.2.0 to 4.6.0
dcerpc.rpc_sec_vt.command.end	SEC_VT_COMMAND_END	Boolean	2.2.0 to 4.6.0
dcerpc.rpc_sec_vt.command.length	Length	Unsigned integer (16 bits)	2.2.0 to 4.6.0
dcerpc.rpc_sec_vt.command.must_process	SEC_VT_MUST_PROCESS_COMMAND	Boolean	2.2.0 to 4.6.0
dcerpc.rpc_sec_vt.pcontext.interface.uuid	UUID	Globally Unique Identifier	2.2.0 to 4.6.0
dcerpc.rpc_sec_vt.pcontext.interface.ver	Version	Unsigned integer (32 bits)	2.2.0 to 4.6.0
dcerpc.rpc_sec_vt.signature	SEC_VT_SIGNATURE	Byte sequence	2.2.0 to 4.6.0
dcerpc.server_accepting_cancels	Server accepting cancels	Boolean	1.0.0 to 4.6.0
dcerpc.stub_data	Stub data	Byte sequence	2.0.0 to 4.6.0
dcerpc.stub_data_with_sec_vt	Stub data with rpc_sec_verification_trailer	Byte sequence	2.2.0 to 4.6.0
dcerpc.time	Time from request	Time offset	1.0.0 to 4.6.0
dcerpc.unknown	Unknown	Byte sequence	2.2.0 to 4.6.0
dcerpc.unknown_if_id	Unknown DCERPC interface id	Boolean	1.0.0 to 4.6.0
dcerpc.ver	Version	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.ver_minor	Version (minor)	Unsigned integer (8 bits)	1.0.0 to 4.6.0
dcerpc.verifier_unavailable	Verifier unavailable	Label	2.0.0 to 4.6.0
dcerpc_cn_rts_command	RTS Command	Unsigned integer (32 bits)	1.6.0 to 1.6.16
dcerpc_cn_rts_command.addrtype	Address Type	Unsigned integer (32 bits)	1.6.0 to 1.6.16
dcerpc_cn_rts_command.associationgroupid	Association Group ID	Globally Unique Identifier	1.6.0 to 1.6.16
dcerpc_cn_rts_command.channellifetime	Channel Lifetime	Unsigned integer (32 bits)	1.6.0 to 1.6.16
dcerpc_cn_rts_command.clientkeepalive	Client Keepalive	Unsigned integer (32 bits)	1.6.0 to 1.6.16
dcerpc_cn_rts_command.connectiontimeout	Connection Timeout	Unsigned integer (32 bits)	1.6.0 to 1.6.16
dcerpc_cn_rts_command.cookie	Cookie	Globally Unique Identifier	1.6.0 to 1.6.16
dcerpc_cn_rts_command.fack.availablewindow	Available Window	Unsigned integer (32 bits)	1.6.0 to 1.6.16
dcerpc_cn_rts_command.fack.bytesreceived	Bytes Received	Unsigned integer (32 bits)	1.6.0 to 1.6.16
dcerpc_cn_rts_command.fack.channelcookie	Channel Cookie	Globally Unique Identifier	1.6.0 to 1.6.16
dcerpc_cn_rts_command.forwarddestination	Forward Destination	Unsigned integer (32 bits)	1.6.0 to 1.6.16
dcerpc_cn_rts_command.padding.conformancecount	Conformance Count	Unsigned integer (32 bits)	1.6.0 to 1.6.16
dcerpc_cn_rts_command.padding.padding	Padding	Byte sequence	1.6.0 to 1.6.16
dcerpc_cn_rts_command.pingtrafficsentnotify	Ping Traffic Sent Notify	Unsigned integer (32 bits)	1.6.0 to 1.6.16
dcerpc_cn_rts_command.receivewindowsize	Receive Window Size	Unsigned integer (32 bits)	1.6.0 to 1.6.16
dcerpc_cn_rts_command.version	Version	Unsigned integer (32 bits)	1.6.0 to 1.6.16
nt.midl.fill_bytes	Fill bytes	Unsigned integer (32 bits)	2.0.0 to 4.6.0
nt.midl.hdr_len	HDR Length	Unsigned integer (16 bits)	2.0.0 to 4.6.0
nt.midl.version	Version	Unsigned integer (8 bits)	2.0.0 to 4.6.0
nt.midl_blob_len	Blob Length	Unsigned integer (64 bits)	2.0.0 to 4.6.0