Wireshark mailing list archives
Re: Writing a Dissector to MS-DCE RPC
From: Stephen Fisher <steve () stephen-fisher com>
Date: Sun, 25 Apr 2010 15:46:26 -0600
On Wed, Apr 21, 2010 at 01:22:35PM +0530, Arjun Nanjundappa wrote:
So, I have started to write a dissector for decoding EcdoRpcExt2 message. But since the message is compressed , I am getting a compressed message in the following format for the Hex-dump message.
Please provide me info as I how I need to decompress and decode the message .
Are you sure it's compressed? I am not very familiar with that protocol, but it looks like Microsoft's 0xA5 XOR against the real data obfuscation. -- Steve ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Writing a Dissector to MS-DCE RPC Arjun Nanjundappa (Apr 21)
- Re: Writing a Dissector to MS-DCE RPC Stephen Fisher (Apr 25)