Thank you Christian. Yup I got that. 
I have one more query. How do we read the protocol towers? I know that there are 5 columns and that in 4 and 5 we have the port no. and IP address. But suppose, as per our previously attached PCAP file, we have more than one tower: what do the fields "Tower Array:", "Max Count", "Offset", "Actual Count" signify? They are also there for each subtower. How should they be interpreted? I couldn't find details about that in the DOC. Could anyone help with this?
Thanks and Regards
Rahul Sharma
On Thu, Feb 23, 2012 at 8:27 PM, Unuetzer, Christian (AMOS SE) <christian.unuetzer@xxxxxxxxxx> wrote:
Hi Rahul,

there are two tower pointers with port# and IP addr!
You can see the payload on the TCP level (for frame 1610 -- payload = 240 bytes (see attached image as well))!
 
Regards
Christian
 
__________________________________________
Christian Unützer

Allianz Managed Operations & Services SE
ASIC Operations
A-IT05NCV04 – Network Management & NZA-APA Services
 
 
Hi All,
I have attached an image file and a pcap file with the packets captured. You can see the packets by applying the filter "dcerpc" and looking at packet no. 1610. I am unable to work out how to see the payload of MSRPC and get the port_no and IP_Address exchanged in that packet. I need to write code which will work for all DCERPC packets. Please help me understand the basic protocol format of DCERPC.
Thanks and Regards
Rahul Sharma
  
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
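
Added example, not part of the original thread and not Wireshark's own code: a bounds-checked parser for one DCE/RPC protocol tower that returns the port and IP address from its transport floors. It assumes the tower's octet string has already been taken out of the NDR-encoded response (past the Max Count / Offset / Actual Count array header); the function names and the sample tower are constructed for illustration.

```python
import socket
import struct

PROTO_TCP, PROTO_UDP, PROTO_IP = 0x07, 0x08, 0x09  # first LHS byte of a floor

def parse_tower(octets):
    """Split a tower octet string into (protocol_id, lhs_data, rhs) floors."""
    if len(octets) < 2:
        raise ValueError("tower shorter than its floor count")
    (floor_count,) = struct.unpack_from("<H", octets, 0)  # counts: little-endian
    pos, floors = 2, []
    for _ in range(floor_count):
        parts = []
        for _side in ("lhs", "rhs"):
            if pos + 2 > len(octets):
                raise ValueError("truncated byte count")
            (n,) = struct.unpack_from("<H", octets, pos)
            pos += 2
            if pos + n > len(octets):
                raise ValueError("byte count runs past end of tower")
            parts.append(octets[pos:pos + n])
            pos += n
        lhs, rhs = parts
        if not lhs:
            raise ValueError("floor has no protocol identifier")
        floors.append((lhs[0], lhs[1:], rhs))
    return floors

def endpoint(floors):
    """Return the port and IPv4 address carried in the transport floors."""
    out = {}
    for proto, _lhs, rhs in floors:
        if proto in (PROTO_TCP, PROTO_UDP) and len(rhs) == 2:
            out["port"] = struct.unpack(">H", rhs)[0]  # network byte order
        elif proto == PROTO_IP and len(rhs) == 4:
            out["ip"] = socket.inet_ntoa(rhs)
    return out

def _floor(lhs, rhs):  # builds one floor of the constructed sample below
    return struct.pack("<H", len(lhs)) + lhs + struct.pack("<H", len(rhs)) + rhs

# Constructed 5-floor tower (zeroed UUIDs, documentation IP; not from the PCAP).
SAMPLE = struct.pack("<H", 5) + b"".join(_floor(l, r) for l, r in [
    (b"\x0d" + bytes(16) + b"\x01\x00", b"\x00\x00"),  # interface UUID + version
    (b"\x0d" + bytes(16) + b"\x02\x00", b"\x00\x00"),  # transfer syntax + version
    (b"\x0b", b"\x00\x00"),                            # RPC connection-oriented
    (b"\x07", struct.pack(">H", 49152)),               # floor 4: TCP port
    (b"\x09", socket.inet_aton("192.0.2.10")),         # floor 5: IPv4 address
])
```

The byte counts inside the tower are little-endian regardless of the PDU's data representation, while the port and address are in network byte order, which is why the two `struct` formats differ.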