Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How is this DCERPC packet content interpreted?

From: "Unuetzer, Christian (AMOS SE)" <christian.unuetzer () allianz de>
Date: Thu, 23 Feb 2012 15:57:10 +0100
Hi Rahul,


there are two tower pointers with port# and IP addr!
You can see the payload on the tcp level (for frame 1610 -- payload =240 byte (see attached image as well))!

Regards
Christian


__________________________________________
Christian Unützer

Allianz Managed Operations & Services SE
ASIC Operations
A-IT05NCV04 - Network Management & NZA-APA Services
Gutenbergstraße 8
85774 Unterföhring, Germany

Phone:    +49 89 3800 18024
Mobile:     +49 89 8916304
Fax:          +49 89 3800 818024
E-Mail:     christian.unuetzer () allianz com<mailto:christian.unuetzer () allianz com>


Allianz Managed Operations & Services SE: Vorsitzender des Aufsichtsrats / Chairman of the Supervisory Board: Dr. 
Christof Mascher. Vorstand / Board of Management: Sylvie Ouziel, Vorsitzende / Chairwoman; Dr. Rüdiger Schäfer, Dr. 
Ralf Schneider, Holger Werner (Stand / Release 02.2012). Sitz der Gesellschaft / Registered Office: München / Munich. 
Registergericht / Registration Court: München/Munich HRB 173 388. USt-Id-Nr./VAT ID Number: DE 815 001 893.

Please note: This email and any files transmitted with it is intended only for the named recipients and may contain 
confidential and/or privileged information. If you are not the intended recipient, please do not read, copy, use or 
disclose the contents of this communication to others and notify the sender immediately. Then please delete the email 
and any copies of it. Thank you.
P Please consider the environment before printing this e-mail.


________________________________
Von: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] Im Auftrag von rahul 
sharma
Gesendet: Donnerstag, 23. Februar 2012 14:12
An: wireshark-users () wireshark org
Betreff: [Wireshark-users] How is this DCERPC packet content interpreted?

Hi All,

I have attached an image file and a pcap file with the packets captured. You can see the packets by applying the filter 
"dcerpc" and see for packet no. 1610. I am unable to get how to see the payload of MSRPC and get the port_no and 
IP_Address exchanged in that packet. I need to write a code which will work for all DCERPC packets. Do help me in 
understanding the basic protocol format of DCERPC.

Thanks and Regards
Rahul Sharma


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: