Re: DCERPC

[rixed () happyleptic org]

-[ Wed, Apr 13, 2011 at 10:21:52PM +0900, Andrej van der Zee ]----
> It works fine except when
> DCERPC-packets are found in the middle of a data-transfer between an
> HTTP client and server (example of such a DCERPC-packet see below,
> captured with Wireshark).
>
> (...)
>
> [Unreassembled Packet [incorrect TCP checksum]: DCERPC]

What about this TCP incorrect checksum?
If these are incoming frames, there is no reason for the sum to be
invalid, except if the packet was actually damaged, thus maybe the
erroneous attribution of it's payload to DCE/RPC?


-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.