Hello,
I asked a similar question last month regarding the ability to read SMBreadX requests. My problem was that I did not have Ethereal properly configured to dissect the trace.
It is likely that I'm having a similar problem here.
Please look at the attached trace. I am attempting to dissect the DCE payload in frame 5. However, it is encapsulated in a WriteAndX request as the "file data".
Is there any way to get Ethereal to interpret the "file data" field as DCE/RPC?
I have enabled the following options with no success:
DCERPC - Desegment all DCE/RPC over TCP
DCERPC - Reassemble DCE/RPC fragments
NBSS - Desegment all NBSS packets spanning multiple TCP segments
NetBIOS - Defragment all NetBIOS messages spanning multiple frames
SMB - Reassemble SMB Transaction Payload
SMB - Reassemble DCERPC over SMB
TCP - Allow subdissector to desegment TCP streams
I suspect I'm probably doing something wrong, and feel rather stupid asking a very similar question as a month earlier. Any advice that can be offered would be greatly appreciated.
Thanks in advance,
Devin Heitmueller
Senior Software Engineer
Netilla Networks Inc
Attachment:
nt42n2000passchange2.eth
Description: Binary data