ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Ethereal-dev: Re: [Ethereal-dev] Any chance to get something like "decode as" for DCE-RPC inte

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Ober Heim <ober@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 20 Aug 2004 17:00:04 +0100 (BST)
Sounds like MS rpc's dont include the proper interface id on all 
packets...

On Wed, 18 Aug 2004, Ulf Lamping wrote:

> Hi List!
> 
> I have an ongoing problem with DCE-RPC (DCOM) calls.
> 
> If I couldn't get the context of a DCE-RPC call (because I've missed the 
> "bind" or "alter context" packets), Ethereal can't get a match between 
> the conversation and the corresponding DCE-RPC call dissection.
> 
> It would be *very nice* to have the "Decode As" feature for DCE-RPC 
> interfaces, so the user could select a specific RPC interface for a 
> specific conversation.
> 
> Had a short look into the decode as dialog, but as I'm not really 
> familiar with the dissection engine, I don't see an easy way to add this 
> feature.
> 
> Anyone interested in implementing such a feature, or at least give an 
> estimation how much effort it would be to implement it and how?
> 
> Regards, ULFL
> 
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
>
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube