Wireshark mailing list archives
Re: How is this DCERPC packet content interpreted?
From: ronnie sahlberg <ronniesahlberg () gmail com>
Date: Sat, 25 Feb 2012 00:44:33 +1100
"I need to write a code which will work for all DCERPC packets."wr What kind of code do you need to write? Marshalling and unmarshalling code for an interface transported ontop of DCE/RPC ? You do not want to write this code by hand. First of all DCE/RPC is very complex, so handmarshalled coding is very difficult to do and requires expert knowledge about NDR. Very few people can do this. What you need is use an existing, or develop a new protocol compiler and use it to generate code for your unmarshaller. You should try to use an DCE/RPC compiler to generate an autogenerated unmarshaller for you. regards ronnie sahlberg On Fri, Feb 24, 2012 at 12:12 AM, rahul sharma <rahulatgslab () gmail com> wrote:
Hi All, I have attached an image file and a pcap file with the packets captured. You can see the packets by applying the filter "dcerpc" and see for packet no. 1610. I am unable to get how to see the payload of MSRPC and get the port_no and IP_Address exchanged in that packet. I need to write a code which will work for all DCERPC packets. Do help me in understanding the basic protocol format of DCERPC. Thanks and Regards Rahul Sharma ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- How is this DCERPC packet content interpreted? rahul sharma (Feb 23)
- Re: How is this DCERPC packet content interpreted? Unuetzer, Christian (AMOS SE) (Feb 23)
- Re: How is this DCERPC packet content interpreted? rahul sharma (Feb 23)
- Re: How is this DCERPC packet content interpreted? rahul sharma (Feb 24)
- Re: How is this DCERPC packet content interpreted? ronnie sahlberg (Feb 24)
- Re: How is this DCERPC packet content interpreted? rahul sharma (Feb 23)
- Re: How is this DCERPC packet content interpreted? Unuetzer, Christian (AMOS SE) (Feb 23)
- Re: How is this DCERPC packet content interpreted? ronnie sahlberg (Feb 24)