Ethereal-dev: [Ethereal-dev] [PATCH] Ethereal dissectors for Microsoft Windows NT DCE/RPC

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Tim Potter <tpot@xxxxxxxxx>
Date: Sun, 11 Nov 2001 12:57:40 +1100 (EST)

I've just discovered Todd Sabin's DCE/RPC packet disassembly
routines and it's just what I've been waiting for to start adding
some seriously useful dissection of Microsoft's use of DCE/RPC
for remote procedure calls on Windows NT/2000/XP.

The attached patch and tarball of new files add a bunch of new
protocols for each DCE/RPC service that Samba currently knows
about.  These are:

 - \PIPE\lsarpc
 - \PIPE\samr
 - \PIPE\spoolss
 - \PIPE\wkssvc
 - \PIPE\srvsvc
 - \PIPE\netdfs
 - \PIPE\winreg
 - \PIPE\NETLOGON

At the moment only the opnum of each call is dissected and the
info field displays a text description of the call.  I thought I
would propose this as a patch before starting on dissecting the
MSRPC payload as just displaying the call names is quite useful.


Tim.

Attachment: msrpc.diff
Description: Binary data

Attachment: msrpc-new.tar.gz
Description: Binary data