Hi Todd,
At 07:37 PM 3/17/01 -0500, Todd Sabin wrote:
>
>
>Hi,
>
>Attached is a new dissector for msrpc. I suppose it could also be
>called dcerpc, but I use it with MS stuff all the time, so that's what
>I've called it for now. If you want to rename it, that's fine with
>me.
>
>Anyway, this is really just an initial pass at it; there's still lots
>of stuff to add. I'm looking for feedback on whether I'm headed in
>the right direction, doing things the right way, etc.
>
>Currently, it only handles TCP and UDP based calls. If someone
>familiar with the packet-smb.c code can get that to hand off \PIPE\
>Request and Responses to dissect_msrpc_cn, it should handle that, too.
Hmmm, OK, I might be able to do that this week in Singapore ...
>I'm planning to add hand-offs to specific RPC protocols based on
>interface UUID and version. To do that in the TCP case, I'll need to
>keep track of what's happened earlier in a TCP stream. Am I right in
>thinking that's what the 'conversation' stuff I've seen is for?
Well, its that and per-packet state info ... Perhaps we should talk about
this, as I have done similar things for packet-smtp and packet-bxxp.
However, Guy went over the packet-smtp code very thoroughly, so he know
what it is about as well.
>Todd
>
>
>Attachment Converted: "c:\eudora\attach\packet-msrpc1.c"
>
Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx
Samba (Team member, www.samba.org), Ethereal (Team member, www.ethereal.com)
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba
