Wireshark · Wireshark-dev: Re: [Wireshark-dev] Writing a Dissector to MS-DCE RPC

Wireshark-dev: Re: [Wireshark-dev] Writing a Dissector to MS-DCE RPC

From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>

Date: Sun, 25 Apr 2010 15:46:26 -0600

On Wed, Apr 21, 2010 at 01:22:35PM +0530, Arjun Nanjundappa wrote:

> So, I have started to write a dissector for decoding EcdoRpcExt2 
> message. But since the message is compressed , I am getting a 
> compressed message in the following format for the Hex-dump message.

> Please provide me info as I how I need to decompress and decode the 
> message .

Are you sure it's compressed?  I am not very familiar with that 
protocol, but it looks like Microsoft's 0xA5 XOR against the real data 
obfuscation.


-- 
Steve

References:
- [Wireshark-dev] Writing a Dissector to MS-DCE RPC
  - From: Arjun Nanjundappa

Prev by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on Windows-XP-x86
Next by Date: Re: [Wireshark-dev] Help Me To Solve The Problem
Previous by thread: [Wireshark-dev] Writing a Dissector to MS-DCE RPC
Next by thread: Re: [Wireshark-dev] [Wireshark-commits] rev 32529: /trunk/ /trunk/: config.nmake
Index(es):
- Date
- Thread