Wireshark · Wireshark-users: [Wireshark-users] How is this DCERPC packet content interpreted?

Wireshark-users: [Wireshark-users] How is this DCERPC packet content interpreted?

From: rahul sharma <rahulatgslab@xxxxxxxxx>

Date: Thu, 23 Feb 2012 18:42:25 +0530

Hi All,

I have attached an image file and a pcap file with the packets captured. You can see the packets by applying the filter "dcerpc" and see for packet no. 1610. I am unable to get how to see the payload of MSRPC and get the port_no and IP_Address exchanged in that packet. I need to write a code which will work for all DCERPC packets. Do help me in understanding the basic protocol format of DCERPC.

Thanks and Regards
Rahul Sharma

Attachment: test123.PNG
Description: PNG image

Attachment: dcerpc.pcap
Description: Binary data

Follow-Ups:
- Re: [Wireshark-users] How is this DCERPC packet content interpreted?
  - From: Unuetzer, Christian (AMOS SE)
- Re: [Wireshark-users] How is this DCERPC packet content interpreted?
  - From: ronnie sahlberg

Prev by Date: [Wireshark-users] Implementation of DCERPC protocol
Next by Date: Re: [Wireshark-users] How is this DCERPC packet content interpreted?
Previous by thread: Re: [Wireshark-users] Implementation of DCERPC protocol
Next by thread: Re: [Wireshark-users] How is this DCERPC packet content interpreted?
Index(es):
- Date
- Thread