Hi Rahul,
there are two tower pointers with port# and IP
addr!
You can see the payload on the tcp level (for frame 1610 --
payload =240 byte (see attached image as well))!
Regards
Christian
__________________________________________
Christian
Unützer
Allianz
Managed Operations & Services SE
ASIC
Operations
A-IT05NCV04
Network Management & NZA-APA Services
Gutenbergstraße
8
85774 Unterföhring, Germany
Phone: +49
89 3800 18024
Mobile:
+49 89 8916304
Fax:
+49 89 3800
818024
E-Mail: christian.unuetzer@xxxxxxxxxxx
Allianz
Managed Operations & Services SE: Vorsitzender des Aufsichtsrats / Chairman
of the Supervisory Board: Dr. Christof Mascher. Vorstand / Board of Management:
Sylvie Ouziel, Vorsitzende / Chairwoman; Dr. Rüdiger Schäfer, Dr. Ralf
Schneider, Holger Werner (Stand / Release 02.2012). Sitz der
Gesellschaft / Registered Office: München / Munich. Registergericht /
Registration Court: München/Munich HRB 173 388. USt-Id-Nr./VAT ID
Number: DE 815 001 893.
Please note: This email and any files
transmitted with it is intended only for the named recipients and may contain
confidential and/or privileged information. If you are not the
intended recipient, please do not read, copy, use or disclose the contents of
this communication to others and notify the sender immediately. Then please
delete the email and any copies of it. Thank
you.
P
Please
consider the environment before printing this e-mail.
Hi All,
I have attached an image file and a pcap file with the
packets captured. You can see the packets by applying the filter "dcerpc" and
see for packet no. 1610. I am unable to get how to see the payload of MSRPC and
get the port_no and IP_Address exchanged in that packet. I need to write a code
which will work for all DCERPC packets. Do help me in understanding the basic
protocol format of DCERPC.
Thanks and Regards
Rahul
Sharma
Attachment:
test123.PNG
Description: test123.PNG
Attachment:
dcerpc_len.gif
Description: dcerpc_len.gif
