
Wireshark-users: [Wireshark-users] How is this DCERPC packet content interpreted?

From: rahul sharma <rahulatgslab@xxxxxxxxx>
Date: Thu, 23 Feb 2012 18:42:25 +0530
Hi All,

I have attached an image file and a pcap file with the packets captured. You can see the packets by applying the filter "dcerpc"; look at packet no. 1610. I am unable to work out how to see the payload of MSRPC and get the port_no and IP_Address exchanged in that packet. I need to write code which will work for all DCERPC packets. Please help me understand the basic protocol format of DCERPC.

Thanks and Regards
Rahul Sharma

Attachment: test123.PNG
Description: PNG image

Attachment: dcerpc.pcap
Description: Binary data