| Field name | Type | Description | Versions |
|---|---|---|---|
| dcerpc.array.actual_count | Unsigned integer, 4 bytes | Actual Count | 1.0.0 to 1.6.5 |
| dcerpc.array.buffer | Sequence of bytes | Buffer | 1.0.0 to 1.6.5 |
| dcerpc.array.max_count | Unsigned integer, 4 bytes | Max Count | 1.0.0 to 1.6.5 |
| dcerpc.array.offset | Unsigned integer, 4 bytes | Offset | 1.0.0 to 1.6.5 |
| dcerpc.auth_ctx_id | Unsigned integer, 4 bytes | Auth Context ID | 1.0.0 to 1.6.5 |
| dcerpc.auth_level | Unsigned integer, 1 byte | Auth level | 1.0.0 to 1.6.5 |
| dcerpc.auth_pad_len | Unsigned integer, 1 byte | Auth pad len | 1.0.0 to 1.6.5 |
| dcerpc.auth_rsrvd | Unsigned integer, 1 byte | Auth Rsrvd | 1.0.0 to 1.6.5 |
| dcerpc.auth_type | Unsigned integer, 1 byte | Auth type | 1.0.0 to 1.6.5 |
| dcerpc.cn_ack_reason | Unsigned integer, 2 bytes | Ack reason | 1.0.0 to 1.6.5 |
| dcerpc.cn_ack_result | Unsigned integer, 2 bytes | Ack result | 1.0.0 to 1.6.5 |
| dcerpc.cn_ack_trans_id | Globally Unique Identifier | Transfer Syntax | 1.0.0 to 1.6.5 |
| dcerpc.cn_ack_trans_ver | Unsigned integer, 4 bytes | Syntax ver | 1.0.0 to 1.6.5 |
| dcerpc.cn_alloc_hint | Unsigned integer, 4 bytes | Alloc hint | 1.0.0 to 1.6.5 |
| dcerpc.cn_assoc_group | Unsigned integer, 4 bytes | Assoc Group | 1.0.0 to 1.6.5 |
| dcerpc.cn_auth_len | Unsigned integer, 2 bytes | Auth Length | 1.0.0 to 1.6.5 |
| dcerpc.cn_bind_abstract_syntax | Label | Abstract Syntax | 1.0.0 to 1.6.5 |
| dcerpc.cn_bind_if_ver | Unsigned integer, 2 bytes | Interface Ver | 1.0.0 to 1.6.5 |
| dcerpc.cn_bind_if_ver_minor | Unsigned integer, 2 bytes | Interface Ver Minor | 1.0.0 to 1.6.5 |
| dcerpc.cn_bind_to_uuid | Globally Unique Identifier | Interface UUID | 1.0.0 to 1.6.5 |
| dcerpc.cn_bind_trans | Label | Transfer Syntax | 1.0.0 to 1.6.5 |
| dcerpc.cn_bind_trans_id | Globally Unique Identifier | ID | 1.0.0 to 1.6.5 |
| dcerpc.cn_bind_trans_ver | Unsigned integer, 4 bytes | ver | 1.0.0 to 1.6.5 |
| dcerpc.cn_call_id | Unsigned integer, 4 bytes | Call ID | 1.0.0 to 1.6.5 |
| dcerpc.cn_cancel_count | Unsigned integer, 1 byte | Cancel count | 1.0.0 to 1.6.5 |
| dcerpc.cn_ctx_id | Unsigned integer, 2 bytes | Context ID | 1.0.0 to 1.6.5 |
| dcerpc.cn_ctx_item | Label | Ctx Item | 1.0.0 to 1.6.5 |
| dcerpc.cn_deseg_req | Unsigned integer, 4 bytes | Desegmentation Required | 1.0.0 to 1.6.5 |
| dcerpc.cn_flags | Unsigned integer, 1 byte | Packet Flags | 1.0.0 to 1.6.5 |
| dcerpc.cn_flags.cancel_pending | Boolean | Cancel Pending | 1.0.0 to 1.6.5 |
| dcerpc.cn_flags.dne | Boolean | Did Not Execute | 1.0.0 to 1.6.5 |
| dcerpc.cn_flags.first_frag | Boolean | First Frag | 1.0.0 to 1.6.5 |
| dcerpc.cn_flags.last_frag | Boolean | Last Frag | 1.0.0 to 1.6.5 |
| dcerpc.cn_flags.maybe | Boolean | Maybe | 1.0.0 to 1.6.5 |
| dcerpc.cn_flags.mpx | Boolean | Multiplex | 1.0.0 to 1.6.5 |
| dcerpc.cn_flags.object | Boolean | Object | 1.0.0 to 1.6.5 |
| dcerpc.cn_flags.reserved | Boolean | Reserved | 1.0.0 to 1.6.5 |
| dcerpc.cn_frag_len | Unsigned integer, 2 bytes | Frag Length | 1.0.0 to 1.6.5 |
| dcerpc.cn_max_recv | Unsigned integer, 2 bytes | Max Recv Frag | 1.0.0 to 1.6.5 |
| dcerpc.cn_max_xmit | Unsigned integer, 2 bytes | Max Xmit Frag | 1.0.0 to 1.6.5 |
| dcerpc.cn_num_ctx_items | Unsigned integer, 1 byte | Num Ctx Items | 1.0.0 to 1.6.5 |
| dcerpc.cn_num_protocols | Unsigned integer, 1 byte | Number of protocols | 1.0.0 to 1.6.5 |
| dcerpc.cn_num_results | Unsigned integer, 1 byte | Num results | 1.0.0 to 1.6.5 |
| dcerpc.cn_num_trans_items | Unsigned integer, 1 byte | Num Trans Items | 1.0.0 to 1.6.5 |
| dcerpc.cn_protocol_ver_major | Unsigned integer, 1 byte | Protocol major version | 1.0.0 to 1.6.5 |
| dcerpc.cn_protocol_ver_minor | Unsigned integer, 1 byte | Protocol minor version | 1.0.0 to 1.6.5 |
| dcerpc.cn_reject_reason | Unsigned integer, 2 bytes | Reject reason | 1.0.0 to 1.6.5 |
| dcerpc.cn_rts.flags.ping | Boolean | Ping | 1.6.0 to 1.6.5 |
| dcerpc.cn_rts_commands_nb | Unsigned integer, 2 bytes | RTS Number of Commands | 1.6.0 to 1.6.5 |
| dcerpc.cn_rts_flags | Unsigned integer, 2 bytes | RTS Flags | 1.6.0 to 1.6.5 |
| dcerpc.cn_rts_flags.echo | Boolean | Echo | 1.6.0 to 1.6.5 |
| dcerpc.cn_rts_flags.eof | Boolean | EOF | 1.6.0 to 1.6.5 |
| dcerpc.cn_rts_flags.in_channel | Boolean | In Channel | 1.6.0 to 1.6.5 |
| dcerpc.cn_rts_flags.none | Boolean | None | 1.6.0 to 1.6.5 |
| dcerpc.cn_rts_flags.other_cmd | Boolean | Other Cmd | 1.6.0 to 1.6.5 |
| dcerpc.cn_rts_flags.out_channel | Boolean | Out Channel | 1.6.0 to 1.6.5 |
| dcerpc.cn_rts_flags.recycle_channel | Boolean | Recycle Channel | 1.6.0 to 1.6.5 |
| dcerpc.cn_sec_addr | Character string | Scndry Addr | 1.0.0 to 1.6.5 |
| dcerpc.cn_sec_addr_len | Unsigned integer, 2 bytes | Scndry Addr len | 1.0.0 to 1.6.5 |
| dcerpc.cn_status | Unsigned integer, 4 bytes | Status | 1.0.0 to 1.6.5 |
| dcerpc.dg_act_id | Globally Unique Identifier | Activity | 1.0.0 to 1.6.5 |
| dcerpc.dg_ahint | Unsigned integer, 2 bytes | Activity Hint | 1.0.0 to 1.6.5 |
| dcerpc.dg_auth_proto | Unsigned integer, 1 byte | Auth proto | 1.0.0 to 1.6.5 |
| dcerpc.dg_cancel_id | Unsigned integer, 4 bytes | Cancel ID | 1.0.0 to 1.6.5 |
| dcerpc.dg_cancel_vers | Unsigned integer, 4 bytes | Cancel Version | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags1 | Unsigned integer, 1 byte | Flags1 | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags1_broadcast | Boolean | Broadcast | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags1_frag | Boolean | Fragment | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags1_idempotent | Boolean | Idempotent | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags1_last_frag | Boolean | Last Fragment | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags1_maybe | Boolean | Maybe | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags1_nofack | Boolean | No Fack | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags1_rsrvd_01 | Boolean | Reserved | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags1_rsrvd_80 | Boolean | Reserved | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags2 | Unsigned integer, 1 byte | Flags2 | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags2_cancel_pending | Boolean | Cancel Pending | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags2_rsrvd_01 | Boolean | Reserved | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags2_rsrvd_04 | Boolean | Reserved | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags2_rsrvd_08 | Boolean | Reserved | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags2_rsrvd_10 | Boolean | Reserved | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags2_rsrvd_20 | Boolean | Reserved | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags2_rsrvd_40 | Boolean | Reserved | 1.0.0 to 1.6.5 |
| dcerpc.dg_flags2_rsrvd_80 | Boolean | Reserved | 1.0.0 to 1.6.5 |
| dcerpc.dg_frag_len | Unsigned integer, 2 bytes | Fragment len | 1.0.0 to 1.6.5 |
| dcerpc.dg_frag_num | Unsigned integer, 2 bytes | Fragment num | 1.0.0 to 1.6.5 |
| dcerpc.dg_if_id | Globally Unique Identifier | Interface | 1.0.0 to 1.6.5 |
| dcerpc.dg_if_ver | Unsigned integer, 4 bytes | Interface Ver | 1.0.0 to 1.6.5 |
| dcerpc.dg_ihint | Unsigned integer, 2 bytes | Interface Hint | 1.0.0 to 1.6.5 |
| dcerpc.dg_seqnum | Unsigned integer, 4 bytes | Sequence num | 1.0.0 to 1.6.5 |
| dcerpc.dg_serial_hi | Unsigned integer, 1 byte | Serial High | 1.0.0 to 1.6.5 |
| dcerpc.dg_serial_lo | Unsigned integer, 1 byte | Serial Low | 1.0.0 to 1.6.5 |
| dcerpc.dg_server_boot | Date and time | Server boot time | 1.0.0 to 1.6.5 |
| dcerpc.dg_status | Unsigned integer, 4 bytes | Status | 1.0.0 to 1.6.5 |
| dcerpc.drep | Sequence of bytes | Data Representation | 1.0.0 to 1.6.5 |
| dcerpc.drep.byteorder | Unsigned integer, 1 byte | Byte order | 1.0.0 to 1.6.5 |
| dcerpc.drep.character | Unsigned integer, 1 byte | Character | 1.0.0 to 1.6.5 |
| dcerpc.drep.fp | Unsigned integer, 1 byte | Floating-point | 1.0.0 to 1.6.5 |
| dcerpc.fack_max_frag_size | Unsigned integer, 4 bytes | Max Frag Size | 1.0.0 to 1.6.5 |
| dcerpc.fack_max_tsdu | Unsigned integer, 4 bytes | Max TSDU | 1.0.0 to 1.6.5 |
| dcerpc.fack_selack | Unsigned integer, 4 bytes | Selective ACK | 1.0.0 to 1.6.5 |
| dcerpc.fack_selack_len | Unsigned integer, 2 bytes | Selective ACK Len | 1.0.0 to 1.6.5 |
| dcerpc.fack_serial_num | Unsigned integer, 2 bytes | Serial Num | 1.0.0 to 1.6.5 |
| dcerpc.fack_vers | Unsigned integer, 1 byte | FACK Version | 1.0.0 to 1.6.5 |
| dcerpc.fack_window_size | Unsigned integer, 2 bytes | Window Size | 1.0.0 to 1.6.5 |
| dcerpc.fragment | Frame number | DCE/RPC Fragment | 1.0.0 to 1.6.5 |
| dcerpc.fragment.count | Unsigned integer, 4 bytes | Fragment count | 1.6.0 to 1.6.5 |
| dcerpc.fragment.error | Frame number | Defragmentation error | 1.0.0 to 1.6.5 |
| dcerpc.fragment.multipletails | Boolean | Multiple tail fragments found | 1.0.0 to 1.6.5 |
| dcerpc.fragment.overlap | Boolean | Fragment overlap | 1.0.0 to 1.6.5 |
| dcerpc.fragment.overlap.conflict | Boolean | Conflicting data in fragment overlap | 1.0.0 to 1.6.5 |
| dcerpc.fragment.toolongfragment | Boolean | Fragment too long | 1.0.0 to 1.6.5 |
| dcerpc.fragments | Label | Reassembled DCE/RPC Fragments | 1.0.0 to 1.6.5 |
| dcerpc.krb5_av.auth_verifier | Sequence of bytes | Authentication Verifier | 1.0.0 to 1.6.5 |
| dcerpc.krb5_av.key_vers_num | Unsigned integer, 1 byte | Key Version Number | 1.0.0 to 1.6.5 |
| dcerpc.krb5_av.prot_level | Unsigned integer, 1 byte | Protection Level | 1.0.0 to 1.6.5 |
| dcerpc.lsa_String.name_len | Unsigned integer, 2 bytes | Name Len | 1.4.0 to 1.6.5 |
| dcerpc.lsa_String.name_size | Unsigned integer, 2 bytes | Name Size | 1.4.0 to 1.6.5 |
| dcerpc.nt.acb.autolock | Boolean | Account is autolocked | 1.0.0 to 1.6.5 |
| dcerpc.nt.acb.disabled | Boolean | Account disabled | 1.0.0 to 1.6.5 |
| dcerpc.nt.acb.domtrust | Boolean | Interdomain trust account | 1.0.0 to 1.6.5 |
| dcerpc.nt.acb.homedirreq | Boolean | Home dir required | 1.0.0 to 1.6.5 |
| dcerpc.nt.acb.mns | Boolean | MNS logon user account | 1.0.0 to 1.6.5 |
| dcerpc.nt.acb.normal | Boolean | Normal user account | 1.0.0 to 1.6.5 |
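| dcerpc.nt.acb.pwnoexp | Boolean | Password expires (label as shown by Wireshark; per the field name, a true value means the password does not expire) | 1.0.0 to 1.6.5 |
| dcerpc.nt.acb.pwnotreq | Boolean | Password required (label as shown by Wireshark; per the field name, a true value means no password is required) | 1.0.0 to 1.6.5 |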
| dcerpc.nt.acb.svrtrust | Boolean | Server trust account | 1.0.0 to 1.6.5 |
| dcerpc.nt.acb.tempdup | Boolean | Temporary duplicate account | 1.0.0 to 1.6.5 |
| dcerpc.nt.acb.wstrust | Boolean | Workstation trust account | 1.0.0 to 1.6.5 |
| dcerpc.nt.acct_ctrl | Unsigned integer, 4 bytes | Acct Ctrl | 1.0.0 to 1.6.5 |
| dcerpc.nt.attr | Unsigned integer, 4 bytes | Attributes | 1.0.0 to 1.6.5 |
| dcerpc.nt.close_frame | Frame number | Frame handle closed | 1.0.0 to 1.6.5 |
| dcerpc.nt.count | Unsigned integer, 4 bytes | Count | 1.0.0 to 1.6.5 |
| dcerpc.nt.domain_sid | Character string | Domain SID | 1.0.0 to 1.6.5 |
| dcerpc.nt.guid | Globally Unique Identifier | GUID | 1.0.0 to 1.6.5 |
| dcerpc.nt.logonhours.divisions | Unsigned integer, 2 bytes | Divisions | 1.0.0 to 1.6.5 |
| dcerpc.nt.open_frame | Frame number | Frame handle opened | 1.0.0 to 1.6.5 |
| dcerpc.nt.str.len | Unsigned integer, 2 bytes | Length | 1.0.0 to 1.6.5 |
| dcerpc.nt.str.size | Unsigned integer, 2 bytes | Size | 1.0.0 to 1.6.5 |
| dcerpc.nt.unknown.char | Unsigned integer, 1 byte | Unknown char | 1.0.0 to 1.6.5 |
| dcerpc.obj_id | Globally Unique Identifier | Object | 1.0.0 to 1.6.5 |
| dcerpc.op | Unsigned integer, 2 bytes | Operation | 1.0.0 to 1.6.5 |
| dcerpc.opnum | Unsigned integer, 2 bytes | Opnum | 1.0.0 to 1.6.5 |
| dcerpc.pkt_type | Unsigned integer, 1 byte | Packet type | 1.0.0 to 1.6.5 |
| dcerpc.reassembled.length | Unsigned integer, 4 bytes | Reassembled DCE/RPC length | 1.4.0 to 1.6.5 |
| dcerpc.reassembled_in | Frame number | Reassembled PDU in frame | 1.0.0 to 1.6.5 |
| dcerpc.referent_id | Unsigned integer, 4 bytes | Referent ID | 1.0.0 to 1.6.5 |
| dcerpc.request_in | Frame number | Request in frame | 1.0.0 to 1.6.5 |
| dcerpc.response_in | Frame number | Response in frame | 1.0.0 to 1.6.5 |
| dcerpc.server_accepting_cancels | Boolean | Server accepting cancels | 1.0.0 to 1.6.5 |
| dcerpc.time | Time offset | Time from request | 1.0.0 to 1.6.5 |
| dcerpc.unknown_if_id | Boolean | Unknown DCERPC interface id | 1.0.0 to 1.6.5 |
| dcerpc.ver | Unsigned integer, 1 byte | Version | 1.0.0 to 1.6.5 |
| dcerpc.ver_minor | Unsigned integer, 1 byte | Version (minor) | 1.0.0 to 1.6.5 |
| dcerpc_cn_rts_command | Unsigned integer, 4 bytes | RTS Command | 1.6.0 to 1.6.5 |
| dcerpc_cn_rts_command.addrtype | Unsigned integer, 4 bytes | Address Type | 1.6.0 to 1.6.5 |
| dcerpc_cn_rts_command.associationgroupid | Globally Unique Identifier | Association Group ID | 1.6.0 to 1.6.5 |
| dcerpc_cn_rts_command.channellifetime | Unsigned integer, 4 bytes | Channel Lifetime | 1.6.0 to 1.6.5 |
| dcerpc_cn_rts_command.clientkeepalive | Unsigned integer, 4 bytes | Client Keepalive | 1.6.0 to 1.6.5 |
| dcerpc_cn_rts_command.connectiontimeout | Unsigned integer, 4 bytes | Connection Timeout | 1.6.0 to 1.6.5 |
| dcerpc_cn_rts_command.cookie | Globally Unique Identifier | Cookie | 1.6.0 to 1.6.5 |
| dcerpc_cn_rts_command.fack.availablewindow | Unsigned integer, 4 bytes | Available Window | 1.6.0 to 1.6.5 |
| dcerpc_cn_rts_command.fack.bytesreceived | Unsigned integer, 4 bytes | Bytes Received | 1.6.0 to 1.6.5 |
| dcerpc_cn_rts_command.fack.channelcookie | Globally Unique Identifier | Channel Cookie | 1.6.0 to 1.6.5 |
| dcerpc_cn_rts_command.forwarddestination | Unsigned integer, 4 bytes | Forward Destination | 1.6.0 to 1.6.5 |
| dcerpc_cn_rts_command.padding.conformancecount | Unsigned integer, 4 bytes | Conformance Count | 1.6.0 to 1.6.5 |
| dcerpc_cn_rts_command.padding.padding | Sequence of bytes | Padding | 1.6.0 to 1.6.5 |
| dcerpc_cn_rts_command.pingtrafficsentnotify | Unsigned integer, 4 bytes | Ping Traffic Sent Notify | 1.6.0 to 1.6.5 |
| dcerpc_cn_rts_command.receivewindowsize | Unsigned integer, 4 bytes | Receive Window Size | 1.6.0 to 1.6.5 |
| dcerpc_cn_rts_command.version | Unsigned integer, 4 bytes | Version | 1.6.0 to 1.6.5 |