Hi,
I was wondering how Wireshark detects DCERPC over TCP. I was under the
impression that Wireshark uses fixed TCP port numbers for this. But I
am looking at a TCP stream that, right after the connection is
established on TCP port 1207, shows DCERPC packets. Although TCP port
1207 is an IANA registered port for "metasaga", Googling for it
doesn't give me much. So now I am doubting if Wireshark really uses
fixed port numbers for DCERPC over TCP, and if so, where can I find
the list of port numbers it uses (there is no input field in
Wireshark's Preferences as there is for HTTP)?
Thank you,
Andrej
