Wireshark mailing list archives
DCERPC over TCP
From: Andrej van der Zee <andrejvanderzee () gmail com>
Date: Tue, 20 Dec 2011 02:43:54 +0100
Hi, I was wondering how Wireshark detects DCERPC over TCP. I was under the impression that Wireshark uses fixed TCP port numbers for this. But I am looking at a TCP stream that, right after the connection is established on TCP port 1207, shows DCERPC packets. Although TCP port 1207 is an IANA registered port for "metasaga", Googling for it doesn't give me much. So now I am doubting if Wireshark really uses fixed port numbers for DCERPC over TCP, and if so, where can I find the list of port numbers it uses (there is no input field in Wireshark's Preferences as there is for HTTP)? Thank you, Andrej ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- DCERPC over TCP Andrej van der Zee (Dec 19)
- Re: DCERPC over TCP Guy Harris (Dec 19)
- Re: DCERPC over TCP Bill Meier (Dec 19)
- Re: DCERPC over TCP Andrej van der Zee (Dec 19)
- Re: DCERPC over TCP Andrej van der Zee (Dec 26)
- Re: DCERPC over TCP Chris Maynard (Dec 27)
- Re: DCERPC over TCP Guy Harris (Dec 27)
- Re: DCERPC over TCP Andrej van der Zee (Dec 27)