Wireshark mailing list archives

Re: Writing a Dissector to MS-DCE RPC

From: Stephen Fisher <steve () stephen-fisher com>
Date: Sun, 25 Apr 2010 15:46:26 -0600

On Wed, Apr 21, 2010 at 01:22:35PM +0530, Arjun Nanjundappa wrote:

So, I have started to write a dissector for decoding EcdoRpcExt2 
message. But since the message is compressed , I am getting a 
compressed message in the following format for the Hex-dump message.

Please provide me info as I how I need to decompress and decode the 
message .


Are you sure it's compressed?  I am not very familiar with that 
protocol, but it looks like Microsoft's 0xA5 XOR against the real data 
obfuscation.


-- 
Steve
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Writing a Dissector to MS-DCE RPC Arjun Nanjundappa (Apr 21)
- Re: Writing a Dissector to MS-DCE RPC Stephen Fisher (Apr 25)