I've been trying to communicate with a server over DCE RPC.
I ask this question to this list because the source for ethereal seems to be
helpful, because it tells me some things about DCE RPC and conversations.
However, I haven't been able to make complete sense out of the source, so I
was hoping that someone here could help.
Here is what I think I've found out so far:
(1) I send a request packet (type 0x00) with a random activity id and an
object ID of all zeros. Ethereal marks it as "DCERPC" protocol in the main
window.
(2) I get a reply, asking "conv_who_are_you" (which is a request also, type
0x00) with a new activity ID, and a ht_conv_who_are_you2_rqst_actuid equal to
the activity ID I randomly generated. Ethereal marks it as protocol type
"CONV".
(3) I send a "conv_who_are_you2" as type response (0x02) with activity ID
equal to the activity ID of the packet in (2) and a "casuuid" that I can't
make sense of.
The problem is that number (3) is marked as a DCERPC request (by ethereal),
with the "Request In:" set to the packet that *I* sent out. Furthermore, the
details I included at the bottom (casuuid, etc) were not recognized as
anything more than "stub data".
I ran ethereal while the correct application was sending/receiving data (when
the communication was working), and the # (3) packet was marked as another
"CONV". This correct packet has all of the right DCE RPC conversation manager
information in it at the bottom (I'm still referring to the working
conversation).
The only difference between the working conversation and my conversation was
the activity IDs (which always changed), at least within the UDP part of the
packet.
What do I do with the casuuid? I'd like help getting the conversation to
actually work. I looked for hours in google already, and found some
information, but not enough to actually get a correct "CONV" packet out for
packet number (3). I obviously need to understand some parts of the DCE RPC
conversation manager better.
If anyone has any advice or references I would really appreciate it.
Thanks,
Jeff Davis
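Added example, not part of Jeff's post and not code from the ethereal source: a small Python decoder and builder for DCE RPC connectionless (UDP) PDUs covering the three-packet exchange in steps (1) to (3). It shows what a sniffer actually keys on when it labels a packet "CONV" rather than "DCERPC" (the interface UUID and version in the 80-byte header, not the packet type), what the conv_who_are_you2 request and response bodies contain, and a checker that lists why a reply would not be matched to the server's callback. The header layout, the conv interface UUID 333a2276-0000-0000-0d00-00809c000000 (version 3), the opnum of conv_who_are_you2 and its [out] parameters (seq, cas_uuid, st) are taken from the DCE 1.1 RPC specification; all UUIDs, the boot time and the function names are constructed for this demonstration.

```python
"""Decode/build DCE RPC connectionless (CL) PDUs and check a conv reply.
Layout per the DCE 1.1 RPC spec; sample values below are constructed."""
import struct
import uuid

CL_HDR_LEN = 80
PTYPE = {0: "request", 1: "ping", 2: "response", 3: "fault", 4: "working",
         5: "nocall", 6: "reject", 7: "ack", 8: "cl_cancel", 9: "fack",
         10: "cancel_ack"}
# Conversation manager interface the server calls back on (conv.idl).
CONV_IF_UUID = uuid.UUID("333a2276-0000-0000-0d00-00809c000000")
CONV_IF_VERS = 3
CONV_OPNUM = {0: "conv_who_are_you", 1: "conv_who_are_you2",
              2: "conv_are_you_there", 3: "conv_who_are_you_auth",
              4: "conv_who_are_you_auth_more"}
NIL_UUID = uuid.UUID(int=0)


def _endian(drep):
    # drep[0] high nibble: 0 = big-endian integers, 1 = little-endian.
    return "<" if (drep[0] >> 4) == 1 else ">"


def _uuid_from_wire(raw, e):
    # NDR uuid_t: first three fields follow the packet's drep byte order.
    tl, tm, th = struct.unpack(e + "IHH", raw[:8])
    return uuid.UUID(fields=(tl, tm, th, raw[8], raw[9],
                             int.from_bytes(raw[10:16], "big")))


def _uuid_to_wire(u, e):
    return (struct.pack(e + "IHH", u.time_low, u.time_mid, u.time_hi_version)
            + bytes([u.clock_seq_hi_variant, u.clock_seq_low])
            + u.node.to_bytes(6, "big"))


def parse_cl_header(pkt):
    """Split the 80-byte CL header into fields; stub data follows it."""
    if len(pkt) < CL_HDR_LEN:
        raise ValueError("short CL PDU")
    e = _endian(pkt[4:7])
    hdr = {"rpc_vers": pkt[0], "ptype": PTYPE.get(pkt[1], pkt[1]),
           "flags1": pkt[2], "flags2": pkt[3], "endian": e,
           "object": _uuid_from_wire(pkt[8:24], e),
           "interface": _uuid_from_wire(pkt[24:40], e),
           "activity": _uuid_from_wire(pkt[40:56], e)}
    (hdr["server_boot"], hdr["if_vers"], hdr["seqnum"], hdr["opnum"],
     hdr["ihint"], hdr["ahint"], hdr["len"], hdr["fragnum"]) = struct.unpack(
        e + "IIIHHHHH", pkt[56:78])
    hdr["auth_proto"], hdr["serial"] = pkt[78], (pkt[7] << 8) | pkt[79]
    hdr["stub"] = pkt[CL_HDR_LEN:CL_HDR_LEN + hdr["len"]]
    return hdr


def classify(hdr):
    """Label a sniffer would give: chosen by interface UUID + version."""
    if hdr["interface"] == CONV_IF_UUID and hdr["if_vers"] == CONV_IF_VERS:
        return "CONV"
    return "DCERPC"


def build_cl_pdu(ptype, iface, if_vers, activity, seqnum, opnum, stub,
                 obj=NIL_UUID, little=True):
    e = "<" if little else ">"
    drep = bytes([0x10 if little else 0x00, 0, 0])
    return (bytes([4, ptype, 0, 0]) + drep + b"\x00"      # rpc_vers 4, serial_hi
            + _uuid_to_wire(obj, e) + _uuid_to_wire(iface, e)
            + _uuid_to_wire(activity, e)
            + struct.pack(e + "IIIHHHHH", 0, if_vers, seqnum, opnum,
                          0xFFFF, 0xFFFF, len(stub), 0)   # no hints, frag 0
            + bytes([0, 0]) + stub)                        # auth none, serial_lo


def parse_who_are_you2_response(hdr):
    """[out] seq, [out] cas_uuid, [out] st of conv_who_are_you2."""
    e, stub = hdr["endian"], hdr["stub"]
    seq, = struct.unpack(e + "I", stub[0:4])
    st, = struct.unpack(e + "I", stub[20:24])
    return seq, _uuid_from_wire(stub[4:20], e), st


def check_conv_reply(req, rsp):
    """List why a reply would not be matched to the server's callback."""
    problems = []
    if rsp["ptype"] != "response":
        problems.append("ptype is %s, not response" % rsp["ptype"])
    if (rsp["interface"], rsp["if_vers"]) != (req["interface"], req["if_vers"]):
        problems.append("interface/version differs from the callback")
    if rsp["opnum"] != req["opnum"]:
        problems.append("opnum differs from the callback")
    if rsp["activity"] != req["activity"]:
        problems.append("activity UUID is not the callback's")
    if rsp["seqnum"] != req["seqnum"]:
        problems.append("seqnum differs from the callback")
    return problems


# Constructed sample exchange; every UUID here is made up.
CLIENT_ACT = uuid.UUID("11111111-2222-3333-4444-555555555555")  # step (1)
SERVER_ACT = uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")  # step (2)
CAS_UUID = uuid.UUID("0f0f0f0f-0f0f-0f0f-0f0f-0f0f0f0f0f0f")    # client address space
# (2) server callback: conv_who_are_you2(actuid = CLIENT_ACT, boot_time)
WHO_ARE_YOU2_REQ = build_cl_pdu(0, CONV_IF_UUID, CONV_IF_VERS, SERVER_ACT, 0, 1,
                                _uuid_to_wire(CLIENT_ACT, "<") + struct.pack("<I", 0x5A5A5A5A))
# (3) client reply: seq = 0, cas_uuid, st = 0; same activity/seqnum as (2)
_RSP_STUB = struct.pack("<I", 0) + _uuid_to_wire(CAS_UUID, "<") + struct.pack("<I", 0)
WHO_ARE_YOU2_RSP = build_cl_pdu(2, CONV_IF_UUID, CONV_IF_VERS, SERVER_ACT, 0, 1, _RSP_STUB)
# A reply that reuses the client's own activity ID from step (1) instead.
WRONG_ACT_RSP = build_cl_pdu(2, CONV_IF_UUID, CONV_IF_VERS, CLIENT_ACT, 0, 1, _RSP_STUB)

if __name__ == "__main__":
    req, rsp = parse_cl_header(WHO_ARE_YOU2_REQ), parse_cl_header(WHO_ARE_YOU2_RSP)
    print(classify(req), CONV_OPNUM[req["opnum"]], req["activity"])
    print(classify(rsp), parse_who_are_you2_response(rsp), check_conv_reply(req, rsp))
    print(check_conv_reply(req, parse_cl_header(WRONG_ACT_RSP)))
```

The dissector decision is purely a header lookup, so a packet is labelled CONV only when its own header carries the conv interface UUID and version; the reply in step (3) is then a response PDU whose activity UUID and seqnum are the server callback's, with opnum 1 and the three [out] values in the stub. The cas_uuid is the client address space UUID, a UUID the client side generates once to identify itself, and it is returned to the server in that response.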