
Smb2-protocol: [Smb2-protocol] dcerpc over smb2

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Sat, 12 Nov 2005 05:06:07 -0400
Ethereal now has a rudimentary dcerpc over smb2 support


it still lacks heuristics to determine when unknown files might be
dcerpc or not.
it currently requires that the TreeConnect for the share was present in
the capture and that the share is named IPC$

it also does not yet do multiplexing between concurrent dcerpc across
multiple open pipes on the same tcp conversation
so it might be "confused" if there are multiple pipes open at the same
time between a client and a server.


the old SRVSVC interface has been spotted on top of such pipes.


as for very modern clients, it does all the dcerpc across the pipes
using normal Read and Write calls.
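
An added illustration, not part of the original message and not Ethereal's code: a sketch of the two gaps the post names, a header heuristic for pipe writes when the TreeConnect is missing from the capture, and per-pipe state keyed on file id so concurrent pipes on one TCP conversation stay separate. The `PipeTracker` class, its method names and the sample bytes are assumptions made for this example; the header layout is the standard connection-oriented DCE/RPC common header.

```python
import struct

# Connection-oriented DCE/RPC PDU types: request, response, fault, bind ... orphaned
CO_PTYPES = {0, 2, 3, 11, 12, 13, 14, 15, 16, 17, 18, 19}

def looks_like_dcerpc(payload: bytes) -> bool:
    """Heuristic check of the 16-byte common header at the start of a pipe write."""
    if len(payload) < 16:
        return False
    ver, minor, ptype = payload[0], payload[1], payload[2]
    if ver != 5 or minor not in (0, 1) or ptype not in CO_PTYPES:
        return False
    # drep[0] high nibble gives integer byte order: 1 = little-endian, 0 = big-endian
    order = "<" if payload[4] >> 4 == 1 else ">"
    frag_len, auth_len = struct.unpack_from(order + "HH", payload, 8)
    return frag_len >= 16 and auth_len < frag_len

class PipeTracker:
    """Hypothetical per-connection state; not Ethereal's data structures."""
    def __init__(self):
        self.shares = {}  # tree id -> share name learned from TreeConnect
        self.pipes = {}   # (tree id, file id) -> payloads, one stream per open pipe

    def tree_connect(self, tid: int, path: str) -> None:
        self.shares[tid] = path.rsplit("\\", 1)[-1].upper()

    def write(self, tid: int, fid: int, payload: bytes):
        """Return why the payload was treated as DCE/RPC, or None if it was not."""
        share = self.shares.get(tid)
        if share == "IPC$":
            reason = "ipc$"            # TreeConnect was captured
        elif share is None and looks_like_dcerpc(payload):
            reason = "heuristic"       # TreeConnect missing from the capture
        else:
            return None
        self.pipes.setdefault((tid, fid), []).append(payload)
        return reason

# Constructed sample: little-endian bind PDU header (ptype 11), frag_length 72
SAMPLE_BIND = struct.pack("<BBBB4sHHI", 5, 0, 11, 3, b"\x10\0\0\0", 72, 0, 1) + bytes(56)
```

A write on a tree id whose TreeConnect named some other share is never treated as DCE/RPC here, even if its first bytes pass the header check.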