
Ethereal-dev: [Ethereal-dev] MAPI and Exchange

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Sebastien morin <morin_s@xxxxxxxxxxx>
Date: Tue, 22 Jun 2004 11:57:51 +0200 (CEST)
Hello,

	We work on the Openchange Project.
	Openchange intends to provide an Open-Source implementation of Microsoft
	Exchange Server 2003 under Unix Platforms.

	I work on the Openchange Part and hard for Stub data after
	Bind & Bind Ack on the port mapper 135 between an Exchange server
	and an Outlook client.

See below the 132 bytes:

						 01 00   ........ ........
0050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
0060  00 00 02 00 00 00 4b 00  00 00 4b 00 00 00 05 00   ......K. ..K.....
0070  13 00 0d e0 f5 44 15 3c  61 d1 11 93 df 00 c0 4f   .....D.< a......O
0080  d7 bd 09 01 00 02 00 00  00 13 00 0d 04 5d 88 8a   ........ .....]..
0090  eb 1c c9 11 9f e8 08 00  2b 10 48 60 02 00 02 00   ........ +.H`....
00a0  00 00 01 00 0b 02 00 00  00 01 00 07 02 00 00 87   ........ ........
00b0  01 00 09 04 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
00c0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 04 00   ........ ........
00d0  00 00                                              ..

I have identified some parts of this, but many things remain fuzzy.

I would like to gather information from people who have worked on the above, to advance
more quickly and to be able to divide it.

Thanks for your suggestions.

-- 
Sebastien Morin
Epitech
Openchange Project : http://www.openchange.org



> Unfortunately no. No one has, as far as I know, worked on trying to rev
> engineer the rpc protocol implemented on top of
> MAPI yet.
> As far as I could tell when I looked at it about 2 years ago, it did not
> look like any known encodings like BER/DER, NDR etc.
> Could be PER but I don't know.

> If one knew what DLLs are used with the process maybe one can make a
> guess on what kind of wire encoding is used.

> But I fear it would be a lot of work required to reverse engineer it. A lot
> of work.
> It would probably also require one to have a full blown Exchange setup with
> clients where one can make a small operation and see
> what rpc they generate.



----- Original Message -----
From: "Cresley Dansen"
Sent: Thursday, April 29, 2004 8:28 AM
Subject: [Ethereal-dev] MAPI and Exchange


>> Hi, there,
>>
>> Can anyone tell me if the MAPI parser is finally made
>> to work or not? I have the latest version of Ethereal
>> and when I use it to display captured Exchange packets,
>> it only parses up to the RPC header and all Exchange contents
>> are shown as "stub data".
>>
>> Any info is appreciated.
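
Added example, not part of the original thread and not Ethereal or Openchange code: it decodes the bytes at offsets 0x6e to 0xb8 of the dump posted above as a DCE/RPC endpoint mapper protocol tower (a floor count, then per floor a length-prefixed left-hand side and right-hand side). Reading the dump this way is an assumption of the example, and `TOWER` and `parse_tower` are hypothetical names.

```python
import struct
import uuid

# Bytes 0x6e-0xb8 copied from the dump in the thread: 75 bytes, which matches
# the two 0x4b length fields that precede them at 0x66 and 0x6a.
TOWER = bytes.fromhex(
    "0500"
    "1300 0d e0f544153c61d11193df00c04fd7bd09 0100 0200 0000"
    "1300 0d 045d888aeb1cc9119fe808002b104860 0200 0200 0000"
    "0100 0b 0200 0000"
    "0100 07 0200 0087"
    "0100 09 0400 00000000"
)


def parse_tower(buf):
    """Decode a protocol tower; return (floors, bytes_consumed)."""
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(buf):
            raise ValueError(f"truncated tower at offset {pos}")
        chunk = buf[pos:pos + n]
        pos += n
        return chunk

    (count,) = struct.unpack("<H", take(2))          # floor count, little-endian
    floors = []
    for _ in range(count):
        lhs = take(struct.unpack("<H", take(2))[0])  # protocol id + its data
        rhs = take(struct.unpack("<H", take(2))[0])  # address or minor version
        if not lhs:
            raise ValueError("floor without a protocol identifier")
        proto = lhs[0]
        if proto == 0x0D and len(lhs) == 19 and len(rhs) == 2:
            # UUID floor: 16-byte little-endian UUID, major version, minor in RHS
            major, minor = struct.unpack("<H", lhs[17:19])[0], struct.unpack("<H", rhs)[0]
            floors.append(("uuid", str(uuid.UUID(bytes_le=lhs[1:17])), f"{major}.{minor}"))
        elif proto == 0x07 and len(rhs) == 2:
            floors.append(("tcp", struct.unpack(">H", rhs)[0]))   # port is big-endian
        elif proto == 0x09 and len(rhs) == 4:
            floors.append(("ip", ".".join(str(b) for b in rhs)))
        elif proto == 0x0B:
            floors.append(("rpc_co", rhs.hex()))     # connection-oriented RPC
        else:
            floors.append((f"proto_0x{proto:02x}", lhs[1:].hex(), rhs.hex()))
    return floors, pos


if __name__ == "__main__":
    for floor in parse_tower(TOWER)[0]:
        print(floor)
```

The second UUID floor is the NDR transfer syntax, version 2.0; the remaining floors name the transport (connection-oriented RPC over TCP port 135, address 0.0.0.0).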