Wireshark · Wireshark-dev: [Wireshark-dev] Writing a Dissector to MS-DCE RPC

Wireshark-dev: [Wireshark-dev] Writing a Dissector to MS-DCE RPC

From: Arjun Nanjundappa <arjun.laxman@xxxxxxxxx>

Date: Wed, 21 Apr 2010 13:22:35 +0530

Hi,

I am trying to write a dissector for MS-DCE RPC for messages sent between Outlook Client and the Exchange Server.

I have started to capture the messages using Wireshark(1.2.0), but getting message with some 180 bytes of stub data without decoding.

So, I have started to write a dissector for decoding EcdoRpcExt2 message. But since the message is compressed , I am getting a compressed message in the following format for the Hex-dump message.

a4 a5 a5 a4 a5 a5 4e a4 a5 a5 a4 a5 a5 a5 a5 a5 a6 a5 a5 a4 a4 ad a5 a4 a4 a4 a5 a7 a5 a4 a9 a5 a5 a5 a5 a5 a7 a5 a5 a5 a4 a9 a5 a5 a5 a5 a5 a7 a5 a5 a5 a5 a5 a5 .

Please provide me info as I how I need to decompress and decode the message .

Regards,

Arjun

Follow-Ups:
- Re: [Wireshark-dev] Writing a Dissector to MS-DCE RPC
  - From: Stephen Fisher

Prev by Date: Re: [Wireshark-dev] se_alloc() GSList segfault woes
Next by Date: Re: [Wireshark-dev] [Wireshark-commits] rev 32529: /trunk/ /trunk/: config.nmake
Previous by thread: Re: [Wireshark-dev] Basics of Wireshark development
Next by thread: Re: [Wireshark-dev] Writing a Dissector to MS-DCE RPC
Index(es):
- Date
- Thread