Wireshark mailing list archives

DCERPC over TCP

From: Andrej van der Zee <andrejvanderzee () gmail com>
Date: Tue, 20 Dec 2011 02:43:54 +0100

Hi,

I was wondering how Wireshark detects DCERPC over TCP. I was under the
impression that Wireshark uses fixed TCP port numbers for this. But I
am looking at a TCP stream that, right after the connection is
established on TCP port 1207, shows DCERPC packets. Although TCP port
1207 is an IANA registered port for "metasaga", Googling for it
doesn't give me much. So now I am doubting if Wireshark really uses
fixed port numbers for DCERPC over TCP, and if so, where can I find
the list of port numbers it uses (there is no input field in
Wireshark's Preferences as there is for HTTP)?

Thank you,
Andrej
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

DCERPC over TCP Andrej van der Zee (Dec 19)
- Re: DCERPC over TCP Guy Harris (Dec 19)
- Re: DCERPC over TCP Bill Meier (Dec 19)
  - Re: DCERPC over TCP Andrej van der Zee (Dec 19)
  - Re: DCERPC over TCP Andrej van der Zee (Dec 26)
    - Re: DCERPC over TCP Chris Maynard (Dec 27)
    - Re: DCERPC over TCP Guy Harris (Dec 27)
    - Re: DCERPC over TCP Andrej van der Zee (Dec 27)