Wireshark mailing list archives

Writing a Dissector to MS-DCE RPC


From: Arjun Nanjundappa <arjun.laxman () gmail com>
Date: Wed, 21 Apr 2010 13:22:35 +0530

Hi,
  I am trying to write a dissector for MS-DCE RPC for messages sent between
the Outlook client and the Exchange Server.
    I have started to capture the messages using Wireshark (1.2.0), but I am
getting a message with some 180 bytes of stub data without decoding.

  So, I have started to write a dissector for decoding the EcdoRpcExt2 message.
But since the message is compressed, I am getting a compressed message in
the following format for the hex-dump message.
a4 a5 a5 a4 a5 a5 4e a4 a5 a5 a4 a5 a5 a5 a5 a5 a6 a5 a5 a4 a4 ad a5 a4 a4
a4 a5 a7 a5 a4 a9  a5 a5 a5 a5 a5 a7 a5 a5 a5 a4 a9 a5 a5 a5 a5 a5 a7 a5 a5
a5 a5 a5 a5 .

    Please provide me info as to how I need to decompress and decode the
message.

Regards,
Arjun
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>