Wireshark mailing list archives
Re: How is this DCERPC packet content interpreted?
From: "Unuetzer, Christian (AMOS SE)" <christian.unuetzer () allianz de>
Date: Thu, 23 Feb 2012 15:57:10 +0100
Hi Rahul,

there are two tower pointers with port# and IP addr! You can see the payload on the TCP level (for frame 1610 -- payload = 240 bytes (see attached image as well))!

Regards
Christian

Christian Unützer
Allianz Managed Operations & Services SE

________________________________
From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of rahul sharma
Sent: Thursday, 23 February 2012 14:12
To: wireshark-users () wireshark org
Subject: [Wireshark-users] How is this DCERPC packet content interpreted?

Hi All,

I have attached an image file and a pcap file with the packets captured. You can see the packets by applying the filter "dcerpc" and see packet no. 1610.

I am unable to get how to see the payload of MSRPC and get the port_no and IP_Address exchanged in that packet. I need to write code which will work for all DCERPC packets. Do help me in understanding the basic protocol format of DCERPC.

Thanks and Regards
Rahul Sharma
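
The following is an added example, not part of the original posts and not Wireshark code: a minimal decoder for the 16-byte connection-oriented DCE/RPC header and for the floors of an endpoint mapper tower, which is where the port number and IP address mentioned in the reply are carried. All function names and the sample bytes are constructed for illustration and do not come from the capture discussed in the thread.

```python
import socket
import struct
import uuid

def parse_co_header(pdu):
    """Decode the 16-byte connection-oriented DCE/RPC common header."""
    endian = "<" if pdu[4] >> 4 == 1 else ">"  # drep[0] high nibble: 1 = little-endian
    frag_len, auth_len, call_id = struct.unpack_from(endian + "HHI", pdu, 8)
    return {"version": (pdu[0], pdu[1]), "ptype": pdu[2], "flags": pdu[3],
            "frag_len": frag_len, "auth_len": auth_len, "call_id": call_id}

def parse_tower(octets):
    """Split a tower octet string into (protocol_id, lhs_data, rhs_data) floors."""
    (count,) = struct.unpack_from("<H", octets, 0)  # tower lengths are little-endian
    pos, floors = 2, []
    for _ in range(count):
        fields = []
        for _side in ("lhs", "rhs"):  # each side: 2-byte length, then data
            (n,) = struct.unpack_from("<H", octets, pos)
            fields.append(octets[pos + 2:pos + 2 + n])
            pos += 2 + n
        lhs, rhs = fields
        if pos > len(octets) or not lhs:
            raise ValueError("truncated or malformed tower floor")
        floors.append((lhs[0], lhs[1:], rhs))  # first LHS byte is the protocol id
    return floors

def tower_endpoint(octets):
    """Return (ip, port) from the transport floors; both values are big-endian."""
    ip = port = None
    for proto, _lhs, rhs in parse_tower(octets):
        if proto in (0x07, 0x08) and len(rhs) == 2:  # TCP or UDP port floor
            (port,) = struct.unpack(">H", rhs)
        elif proto == 0x09 and len(rhs) == 4:  # IPv4 address floor
            ip = socket.inet_ntoa(rhs)
    return ip, port

def _floor(lhs, rhs):  # builds floors for the constructed sample below
    return struct.pack("<H", len(lhs)) + lhs + struct.pack("<H", len(rhs)) + rhs

# Constructed sample data, not taken from the capture discussed in the thread.
IFACE = uuid.UUID("01234567-89ab-cdef-0123-456789abcdef").bytes_le  # made-up interface
NDR = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860").bytes_le  # NDR transfer syntax
SAMPLE_TOWER = struct.pack("<H", 5) + b"".join([
    _floor(b"\x0d" + IFACE + struct.pack("<H", 1), b"\x00\x00"),  # interface v1.0
    _floor(b"\x0d" + NDR + struct.pack("<H", 2), b"\x00\x00"),  # transfer syntax v2
    _floor(b"\x0b", b"\x00\x00"), _floor(b"\x07", struct.pack(">H", 49154)),  # RPC CO, TCP port
    _floor(b"\x09", socket.inet_aton("192.0.2.10"))])  # IPv4 address
SAMPLE_HEADER = struct.pack("<4B4sHHI", 5, 0, 2, 3, b"\x10\x00\x00\x00", 152, 0, 7)
```

In a real endpoint mapper response the tower octet strings sit inside the NDR-encoded stub data that follows the header, so they have to be located there before `parse_tower` is applied.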