Wireshark · Wireshark-users: [Wireshark-users] Implementation of DCERPC protocol

Wireshark-users: [Wireshark-users] Implementation of DCERPC protocol

From: rahul sharma <rahulatgslab@xxxxxxxxx>

Date: Thu, 23 Feb 2012 14:21:01 +0530

Hi All,

I was studying about MSRPC where I encountered some doubts about MSRPC(implementation of DCERPC). I am listing them here. If you could help me, then I would be really thankful to you. My doubts are as follows:-

1> What does the Byte order to be Little Endian specify?

2> Port and IP information are exchanged in Protocol Towers and at location 4 and 4 respectively in a MAP response. Actually I found out one Response packet which returned 2 Towers and both containing different port. So want to know why is this? How can I come to know which port is going to be used by the requesting client?? Other than the "C706" manual, if you have some other paper which explains MSRPC(DCERPC) in a better way, then do share with me. I would be really thankful to you.

Thanks and Regards
Rahul Sharma

Follow-Ups:
- Re: [Wireshark-users] Implementation of DCERPC protocol
  - From: Stephen Fisher
- Re: [Wireshark-users] Implementation of DCERPC protocol
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] JItter Calculation Algo used by Wireshark
Next by Date: [Wireshark-users] How is this DCERPC packet content interpreted?
Previous by thread: Re: [Wireshark-users] JItter Calculation Algo used by Wireshark
Next by thread: Re: [Wireshark-users] Implementation of DCERPC protocol
Index(es):
- Date
- Thread