Chadwick,
Ethereal believes that a captured packet is a piece of a DCE/RPC
message. DCE/RPC is a remote procedure protocol used (in various
forms) by a large number of different applications, though most
commonly used with CIFS ("Windows Networking"). In some cases large
messages may be "fragmented" across multiple packets.
This may be a piece of a message that is involved with performing
user/system authentication of some kind, server administration, share
listing, etc.
Ethereal can try to reassemble the DCE/RPC fragments by enabling the
Preferences->Protocols->DCERPC->Reassemble options, though the DCE/RPC
message may (and most likely does) sit on top of other protocols, like
SMB and TCP, which you also would want to enable reassembly for.
Ian Schorr
On Oct 8, 2004, at 1:36 PM, Chadwick Whenry wrote:
Hello,
I have Ethereal 0.10.6.
During the results form the capture session. In the INFO column, the
results " [DCE / RPC FRAGMENT]are shown. What exactly is this results
saying.
Thank you for any help that you can give me.
Chadwick D. Whenry
System Administrator
Conestoga Valley High School
2110 Horseshoe Road
Lancaster, PA 17601
717.397.5231 x3024
"Duck tape is like the Force...It has a Light and Dark side and holds
all pieces of the Universe Together"
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
