tcpdump mailing list archives
Re: DCERPC
From: rixed () happyleptic org
Date: Mon, 18 Apr 2011 10:00:22 +0200
-[ Wed, Apr 13, 2011 at 10:21:52PM +0900, Andrej van der Zee ]----
It works fine except when DCERPC-packets are found in the middle of a data-transfer between an HTTP client and server (example of such a DCERPC-packet see below, captured with Wireshark). (...) [Unreassembled Packet [incorrect TCP checksum]: DCERPC]
What about this TCP incorrect checksum? If these are incoming frames, there is no reason for the sum to be invalid, except if the packet was actually damaged, thus maybe the erroneous attribution of it's payload to DCE/RPC? - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- DCERPC Andrej van der Zee (Apr 13)
- Re: DCERPC rixed (Apr 18)