Ethereal-dev: Re: [Ethereal-dev] How to access value of hdr.frag_len from subdissector?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 16 Jun 2002 18:22:06 -0700

On Sun, Jun 16, 2002 at 02:52:23PM -0700, Jaime Fournier wrote:
> Let me look through my archives.
> I have plenty of traces for connectionless, just to
> make sure it is sanitized.

Well, the trace you had didn't appear to have all of the fragments, so I
couldn't fully test reassembly - it also appeared to have incomplete
fragmented IP datagrams, some of which were part of some of the missing
fragments.

I've checked in code that *should* correctly handle fragmented
connectionless DCE RPC; if you get the current CVS source via anonymous
CVS:

	http://www.ethereal.com/development.html#anoncvs

(note that checkins don't appear there immediately - make sure you have
version 1.57 of "packet-dcerpc.c"), or, if you can't use anonymous CVS
(e.g., because of a firewall problem), and you instead grab the *next*
nightly CVS snapshot:

	http://www.ethereal.com/development.html#snapshots

(that'd be "ethereal-2002-06-17.tar.gz" or later; 06-16 won't have it),
and you build that (note that to build from CVS you'll need more tools
installed, such as Python), you should get the latest code.

You'll have to enable reassembly of fragmented DCE RPC packets, as per
Ronnie's mail; you can enable it in Ethereal or Tethereal with the
command-line argument "-o dcerpc.reassemble_dcerpc:true", or can enable
it from the GUI in Ethereal by:

	selecting "Preferences" from the "Edit" menu;

	opening up the "Protocols" list on the left pane;

	selecting "DCERPC";

	turning "Reassemble DCE/RPC fragments" on;

	clicking "OK";

or can put that setting in your preferences file either by

	1) doing a "Save" before the "OK" in the previous GUI
	   instructions

or

	2) adding the line

		dcerpc.reassemble_dcerpc: true

	   to your "preferences" file ("~/.ethereal/preferences" on
	   UNIX, "Application Data\Ethereal\preferences" in your profile
	   directory on Windows).