| Bug ID |
8952
|
| Summary |
correctly show flags of Microsoft Bind Time Feature Negotiation for DCE/RPC
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
SVN
|
| Hardware |
x86
|
| OS |
Mac OS X 10.7
|
| Status |
UNCONFIRMED
|
| Severity |
Enhancement
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Build Information:
--
Microsoft describes a feature called Bind Time Feature Negotiation used in
DCE/RPC Bind/BindAck PDUs. See
http://msdn.microsoft.com/en-us/library/cc243715.aspx
In the Bind PDU they encode 2 bits into the Transfer Syntax UUID. In the
BindAck PDU they encode 2 bits into the result code. The attached patch
dissects these two special bits. For the UUID I've simply added 4 UUIDs each
with the same name; this works best with the DCE/RPC UUID lookup code. If
Microsoft would ever introduce more bits we could change this to a better
handling, since the current solution obviously doesn't scale.
Apart from adding new hf_ and ett_ variables and using them, I've also renamed
"Transport Syntax" to "Transfer Syntax", since the specifications only use
"Transfer".
The attached capture file contains a DCE/RPC session showcasing the Bind Time
Feature Negotiation in the Bind and BindAck PDUs.
You are receiving this mail because:
- You are watching all bug changes.
