Ethereal-dev: RE: [Ethereal-dev] Re: DCE RPC

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Bhatia, Deepak" <Deepak.Bhatia@xxxxxxxxx>
Date: Mon, 30 May 2005 15:30:49 +0530
Hi Ronnie,
 
We are sure that HpOpenView uses DCE RPC for communicating between HpOpenView Manager (Client) 
and N-Agents (Servers). This is what the customer is asking for.
 
What our customer is asking us to produce is the DCE RPC packets which use a specific TCP/UDP port 
number. Hence they ask us to determine the TCP/UDP port number and get the protocol data exchanged
on those port numbers.
 
I understand that Client and Server Applications use RPC mechanism in which they exchange RPC Procedures with
their set of parameters. The IDL is used to generate the RPC Procedures.
 
So you mean we need to know what RPC Procedures and parameters for these procedures are used by the
protocol on the top of DCE/RPC.
 
Regards
 
Deepak Bhatia

________________________________

From: ethereal-dev-bounces@xxxxxxxxxxxx on behalf of ronnie sahlberg
Sent: Mon 5/30/2005 2:17 PM
To: Bhatia, Deepak
Cc: Ethereal development
Subject: Re: [Ethereal-dev] Re: DCE RPC



Previously you said you wanted to replay recorded DCE command
sequences, now you say you want to decode DCE packets for a certain
DCE interface?

You do not want to add this as a decode/dissector module for ethereal?
so to what tool/application do you plan to add this feature?

Anyway, if you change your mind and want to add decode of these
packets to ethereal what you need to do is :
1, reverse engineer the protocol used on top of DCE/RPC. I.e. not
DCE/RPC but the protocol used on top of DCE/RPC
2, use the reverse engineered data and produce an IDL protocol
interface description file.
3, use an idl compiler to compile the IDL definition into an ethereal
decoder/dissector.


I seriously doubt that HPOpenView is using DCE/RPC.


On 5/30/05, Bhatia, Deepak <Deepak.Bhatia@xxxxxxxxx> wrote:
> No we don't want to build a module for ethereal. We have an application called HP Openview
> which uses the application layer protocol DCE RPC to communicate.
>
> Now we have traces which are communication between HP Openview client (Network Manager)
> and HP Openview server (Agents).
>
> Our plugin should be able to decode the DCE RPC protocol communication traces between
> Network Manager and Agent.
>
> Regards
>
> Deepak Bhatia
>
> ________________________________
>
> From: ethereal-dev-bounces@xxxxxxxxxxxx on behalf of ronnie sahlberg
> Sent: Mon 5/30/2005 1:31 PM
> To: Bhatia, Deepak
> Cc: Ethereal development
> Subject: Re: [Ethereal-dev] Re: DCE RPC
>
>
>
> ok,
>
> so what you essentially want to do is
> build a module for ethereal that can replay recorded DCERPC sequences
> to a DCERPC server.
>
> I assume this is in order to replay DCERPC transactions between a host
> running the
> PSR application and either a windows host or a unix dce/dfs implementation.
> (since these are the only widely used DCE implementations today in
> existence (well unix dce/dfs is not exactly in wide use but anyway)).
>
> This is virtually impossible.
> In both cases  before you can issue or replay any commands whatsoever
> to the DCE endpoint you must authenticate.
> Authentication involves in both cases generation of GSS-KRB tokens
> which is impossible unless you know the plaintext password or have
> access to the (in case of dce/dfs) keytab file for the host.
>
> GSS-KRB has replay protection so it is just not possible to replay a
> captured authentication token. GSS-KRB would be pointless if it didn't.
>
>
> The only way in theory that would work would be to
> start by a full blown dce implementation, then add a lot of code to
> intercept and decode all data structures.
> Then using the plaintext password (which can not be extracted from
> the capture) generate completely new authentication tokens
> remarshalling the packets etc.
>
> It is just impossible to replay DCE sessions.
>
>
>
> Why do you want to replay DCE sessions?
> Without knowing the plaintext password of the host whose traffic you
> want to replay or the secret keytab file of that host, any and all
> replaying of packets would be equivalent to launching a flood ping to
> the receiving host.
>
>
>
>
>
>
> On 5/30/05, Bhatia, Deepak <Deepak.Bhatia@xxxxxxxxx> wrote:
> >
> > Hi Ronnie,
> >
> > Below mentions what I intend to do... Regards Deepak
> >
> > A key component of the is the Protocol Sequence Replayer (PSR). The job of the PSR is to take a
> > set of recorded traces and create a replay sequence against a machine similar to the
> > destination system in the protocol sequences.
> >
> >
> > The first task requires the ability to decode all protocol fields in the various packet types used in the DCE RPC protocol.
> >
> > This implies reverse-engineering these fields for protocols that are not fully or adequately documented.
> >
> > Typically, these are the protocols that are embedded in widely used software, such as the
> > various versions of the Windows operating system, the various versions of the Linux operating system,
> > Oracle database software etc.
> >
> >
> >
> > The second task requires understanding which fields in the protocol are Dynamic Session Variables.
> > A dynamic session variable is a field whose value may change in multiple identical runs of
> > the same protocol sequence. Examples of dynamic session variables include the dynamically assigned
> > TCP port for FTP data channels, session or transaction IDs in RPC or database protocols, dynamically
> > assigned ports in RPC protocols, etc. Once a set of DSVs have been identified for a protocol,
> > the plug-in needs to be able to dynamically substitute these values from recorded traces into the
> > packets that are sent for replay based on the requirements of the protocol.
> >
> > Regards
> >
> > Deepak Bhatia
> >
> >
> >
> >
> > ________________________________
> >
> > From: ethereal-dev-bounces@xxxxxxxxxxxx on behalf of ronnie sahlberg
> > Sent: Sun 5/29/2005 11:45 AM
> > To: Ethereal development
> > Subject: [Ethereal-dev] Re: DCE RPC
> >
> >
> >
> > What are you planning to do?
> > Your question seems to indicate you want to build a freestanding
> > dce/rpc implementation, something that is impossible with the ethereal
> > code.
> >
> > Yes, ethereal does contain dce/rpc code, lots of it.
> > However, the problem space ethereal faces is vastly different from a
> > freestanding dce implementation, thus the dce support in ethereal is
> > factored to only address the very limited requirements of ethereal.
> > The ethereal dce implementation is a very reduced functionality
> > implementation that is focused on ONLY providing unmarshalling of data
> > and nothing else.
> > It does this quite well however, but a full implementation of dce
> > mandates a completely different implementation.
> >
> > Full dce and runtime is a major undertaking, I estimate it would take
> > for someone good and very experienced in dce about 2 man years to
> > build.
> > 20+ man-years if the implementors are not very good or not familiar with dce.
> > Compare this with the adapted-to-ethereals-problem-space
> > implementation of base dce that only took ~6 man months all in all to
> > write.
> > including a whole bunch of actual dce interfaces/protocols.
> >
> >
> > Ethereals dce source code can be used to implement a dce dissector for
> > ethereal, no more no less. If you want to do anything beyond building a
> > dce-interface dissector for ethereal, the source code for dce in
> > ethereal is of no use for you.
> >
> >
> > please qualify your question:
> > exactly what do you want to do with the sourcecode in ethereal for DCE?
> > 1,  build a dissector for a dce interface for ethereal? yes that is easy.
> > 2,  build a dce runtime and environment to interact in a dce
> > environment? no that is impossible.
> >
> > Ethereal sourcecode for dce is complete enough for ethereal
> > unmarshalling-only use and can even handle full pointers properly,
> > something which not even MS implementation can do.
> > But it is factored and limited in such a way that any use beyond that
> > is impossible.
> >
> >
> > If you want a full freestanding dce implementation   that actually
> > talks and interacts in a dce environment it is better to start from
> > scratch.
> > (yes, Guy mentioned the now released full implementation from
> > TheOpenGroup but if you look at that code that is designed by committee
> >   it is still quicker to start from scratch and probably better
> > quality as well unless your developers have suboptimal experience)
> > ((my brain is still hurting from looking briefly at the DCE code from
> > them a few years ago))
> >
> >
> > On 5/29/05, Bhatia, Deepak <Deepak.Bhatia@xxxxxxxxx> wrote:
> > > Hi,
> > >
> > > I am not able to understand "but only for unmarshalling
> > > of dce interfaces" ?
> > >
> > > Regards
> > >
> > > Deepak
> > >
> > >
> > > -----Original Message-----
> > > From: ethereal-dev-bounces@xxxxxxxxxxxx on behalf of Bhatia, Deepak
> > > Sent: Fri 5/27/2005 3:57 PM
> > > To: ronnie sahlberg; Ethereal development
> > > Subject: RE: [Ethereal-dev] Re: DCE RPC
> > >
> > > Hi,
> > >
> > > Can we get the protocol parameters by unmarshalling the dce rpc interfaces
> > > and can do dissection of the protocol ?
> > >
> > > Regards
> > >
> > > Deepak Bhatia
> > >
> > > -----Original Message-----
> > > From: ethereal-dev-bounces@xxxxxxxxxxxx
> > > [mailto:ethereal-dev-bounces@xxxxxxxxxxxx]On Behalf Of ronnie sahlberg
> > > Sent: Friday, May 27, 2005 3:55 PM
> > > To: Ethereal development
> > > Subject: [Ethereal-dev] Re: DCE RPC
> > >
> > >
> > > yes,
> > > but only for unmarshalling of dce interfaces.
> > >
> > > it can not be used for a freestanding implementation since the
> > > standard runtime and marshalling has not been implemented and would be
> > > useless bloat for ethereal anyway.
> > >
> > >
> > > On 5/27/05, Bhatia, Deepak <Deepak.Bhatia@xxxxxxxxx> wrote:
> > > > Hi,
> > > >
> > > > Do we have source code available for DCE RPC in ethereal ?
> > > >
> > > > Regards
> > > >
> > > > Deepak Bhatia
> > > > Software Consultant
> > > > Patni Computer Systems Limited
> > > > A-39/40, Sector 16, Noida, 201301
> > > > Ph. 91 120 2516 880-3
> > > > Fax. 91 120 2516 890
> > > > Mobile. 91 98111 96957
> > > >
> > > >
> > > > http://www.patni.com
> > > > World-Wide Partnerships. World-Class Solutions.
> > > > _____________________________________________________________________
> > > >
> > > > This e-mail message may contain proprietary, confidential or legally
> > > > privileged information for the sole use of the person or entity to
> > > > whom this message was originally addressed. Any review, e-transmission
> > > > dissemination or other use of or taking of any action in reliance upon
> > > > this information by persons or entities other than the intended
> > > > recipient is prohibited. If you have received this e-mail in error
> > > > kindly delete  this e-mail from your records. If it appears that this
> > > > mail has been forwarded to you without proper authority, please notify
> > > > us immediately at Netadmin@xxxxxxxxx and delete this mail.
> > > > _____________________________________________________________________
> > > >
> > > >
> > >
> > > _______________________________________________
> > > Ethereal-dev mailing list
> > > Ethereal-dev@xxxxxxxxxxxx
> > > http://www.ethereal.com/mailman/listinfo/ethereal-dev
> > >
> >
>

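Added illustration (an editor's example, not code from this thread, from Ethereal, or from HP OpenView) of the first task Deepak describes, decoding the DCE RPC packet fields: a parser for the connection-oriented PDU common header and the optional sec_trailer, which is where a capture shows the authentication service and level behind Ronnie's point that Kerberos-authenticated, sealed traffic can neither be decoded nor reused without the session key. The PDU bytes are constructed; field layout follows the C706 / MS-RPCE specification and the stub and auth_value contents are placeholders.

```python
import struct

PTYPES = {0: "request", 2: "response", 3: "fault", 11: "bind", 12: "bind_ack",
          13: "bind_nak", 14: "alter_context", 15: "alter_context_resp", 16: "auth3"}
AUTH_TYPES = {0: "none", 1: "dce_krb5", 9: "spnego", 10: "ntlmssp", 16: "gss_kerberos", 68: "netlogon"}
AUTH_LEVELS = {1: "none", 2: "connect", 3: "call", 4: "pkt", 5: "pkt_integrity", 6: "pkt_privacy"}

def parse_pdu(data: bytes) -> dict:
    """Decode the 16-byte common header and, when auth_length > 0, the sec_trailer."""
    if len(data) < 16:
        raise ValueError("short PDU header")
    rpc_vers, ptype, pfc_flags, drep0 = data[0], data[2], data[3], data[4]
    if rpc_vers != 5:
        raise ValueError("unsupported rpc_vers %d" % rpc_vers)
    # High nibble of packed_drep[0]: 0 = big-endian, 1 = little-endian integers.
    endian = "<" if (drep0 >> 4) == 1 else ">"
    frag_length, auth_length, call_id = struct.unpack(endian + "HHI", data[8:16])
    if frag_length > len(data):
        raise ValueError("frag_length exceeds buffer")
    pdu = {"ptype": PTYPES.get(ptype, "unknown(%d)" % ptype), "call_id": call_id,
           "auth": None, "signed": False, "sealed": False}
    stub_off = 16
    if ptype in (0, 2):  # request/response: alloc_hint(4) p_cont_id(2) + 2 bytes
        stub_off = 24
        if ptype == 0:
            pdu["opnum"] = struct.unpack(endian + "H", data[22:24])[0]
            stub_off += 16 if pfc_flags & 0x80 else 0  # PFC_OBJECT_UUID
    stub_end = frag_length
    if auth_length:
        trailer_off = frag_length - auth_length - 8
        if trailer_off < stub_off:
            raise ValueError("sec_trailer overlaps PDU header")
        a_type, a_level, pad, _r, ctx = struct.unpack(endian + "BBBBI", data[trailer_off:trailer_off + 8])
        pdu["auth"] = {"type": AUTH_TYPES.get(a_type, "unknown(%d)" % a_type),
                       "level": AUTH_LEVELS.get(a_level, "unknown(%d)" % a_level), "context_id": ctx}
        pdu["signed"] = a_level >= 5  # pkt_integrity or higher: every PDU carries a MIC
        pdu["sealed"] = a_level == 6  # pkt_privacy: stub bytes are encrypted
        stub_end = trailer_off - pad
    pdu["stub"] = data[stub_off:stub_end]
    return pdu

# Constructed sample (not from any real capture): little-endian request, opnum 3,
# Kerberos auth at pkt_privacy; the stub and auth_value bytes are placeholders.
SAMPLE = (bytes([5, 0, 0, 0x03, 0x10, 0, 0, 0]) + struct.pack("<HHI", 48, 8, 7)
          + struct.pack("<IHH", 8, 0, 3)               # alloc_hint, p_cont_id, opnum
          + b"\xde\xad\xbe\xef\x01\x02\x03\x04"       # sealed stub, opaque without the key
          + struct.pack("<BBBBI", 16, 6, 0, 0, 1)      # sec_trailer: krb, privacy, ctx 1
          + b"\xaa" * 8)                               # auth_value placeholder
```

For an unauthenticated PDU `auth` stays `None` and the stub bytes are the plaintext NDR that an IDL-generated dissector would then unmarshal; for a sealed one they are ciphertext, which is why the second and third steps in Ronnie's list need an unencrypted capture.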