Wireshark · Ethereal-dev: Re: Re: [Ethereal-dev] Any chance to get something like "decode as" for DCE-RPC interfaces?

Ethereal-dev: Re: Re: [Ethereal-dev] Any chance to get something like "decode as" for DCE-RPC

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>

Date: Sat, 21 Aug 2004 20:50:02 +1000

No, that is true.   DCE-RPC never include the interface id in the PDU
for connection oriented transports such as TCP and SMB.
This is the way DCE-RPC is supposed to work and applies to all DCE-RPC
communications, including Microsofts DCE-RPC implementation.

The ONLY time the interface uuid is specified in the PDU is in the
actual BIND command  where the uuid is associated with a session
context.
If the BIND call is missing from the capture, there will never be any
interface uuid at all in the capture.

I.e.   for DCE-RPC   the ONLY packet that contains the interface uuid
for connection oriented transports will be the BIND call.

On Fri, 20 Aug 2004 17:00:04 +0100 (BST), Ober Heim  wrote:
> Sounds like MS rpc's dont include the proper interface id on all
> packets...

References:
- [Ethereal-dev] Any chance to get something like "decode as" for DCE-RPC interfaces?
  - From: Ulf Lamping
- Re: [Ethereal-dev] Any chance to get something like "decode as" for DCE-RPC interfaces?
  - From: Ober Heim

Prev by Date: Re: [Ethereal-dev] patch: DAAP dissector
Next by Date: [Ethereal-dev] patch: DAAP dissector [2nd try]
Previous by thread: Re: [Ethereal-dev] Any chance to get something like "decode as" for DCE-RPC interfaces?
Next by thread: RE: [Ethereal-dev] Any chance to get something like "decode as" for DCE-RPC interfaces?
Index(es):
- Date
- Thread