Wireshark · Ethereal-dev: [Ethereal-dev] Why "decode as" have no DCERPC?

Ethereal-dev: [Ethereal-dev] Why "decode as" have no DCERPC?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Thu, 19 Jan 2006 12:36:19 +0800

I had captured some V4 DCERPC packets using ethereal 0.10.14, 
one of those is conv_who_are_you2, it's frame 2:

1 122 MGMT   10.10.7.2  10.10.7.44 4717 1027 rpc__mgmt_inq_if_ids request
2 142 UDP    10.10.7.44 10.10.7.2  2536 4717 Source port: 2536  Destination port: 4717
3 146 UDP    10.10.7.2  10.10.7.44 4717 2536 Source port: 4717  Destination port: 2536
4 122 DCERPC 10.10.7.44 10.10.7.2  2536 4717 Ack: seq: 0
5 450 MGMT   10.10.7.44 10.10.7.2  1027 4717 rpc__mgmt_inq_if_ids response
6 122 DCERPC 10.10.7.2  10.10.7.44 4717 1027 Ack: seq: 0 [req: #1]

but I can't get CONV, ethereal 0.10.14 don't decode it. The packet-dcerpc-conv.c
seems correct.

So I choose "decode as", but DCERPC and/or CONV isn't there.

Why "decode as" have no DCERPC?

----

Prev by Date: [Ethereal-dev] Buildbot crash output
Next by Date: [Ethereal-dev] RE: [Ethereal-users] BUG: 802.1ab (a.k.a LLDP) - Chassis ID TLV = IPAddress
Previous by thread: Re: [Ethereal-dev] patch adding .1q vlans as an option for the columns
Next by thread: [Ethereal-dev] RE: [Ethereal-users] BUG: 802.1ab (a.k.a LLDP) - Chassis IDTLV = IPAddress
Index(es):
- Date
- Thread