Hi,
I captured DCERPC traffic and then I did a filter to isolate
a particular call ID with that filter : dcerpc.cn_call_id == 96
I went trough that problem:
When selecting the option “Allow subdissector to
reassemble TCP streams” checked the filter catches only the Request.
When deselecting the option “Allow subdissector to
reassemble TCP streams” the filter catches both the Request and
The Response. The frame is identified as limited during
capture but I know it’s not, I did a full frame capture.
Might it be because the frame is exactly 1514 bytes long or
I might be wrong with something ?
I attached a small capture that has what I described.
Regards.
===========================================
André Noël
|
Attachment:
dcerpc.pcap
Description: dcerpc.pcap