Ethereal-dev: Re: [Ethereal-dev] SPOOLSS, msrpc dissection, please comment

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxx>
Date: Thu, 6 Dec 2001 11:30:22 -0800 (PST)
> Attahced is a small patch for dcerpc and dcerpc-spoolss
> It is messy and just a test before the real work is done.
> 
> It adds dissection of 4 small commands in SPOOLSS

Microsoft Network Monitor has some dissectors for DCERPC-based services
(but not, as I remember, all of the useful ones for SMB; it'd be rather
ironic if Ethereal were a better dissector for SMB than Microsoft's own
network analyzer - it's already better in a number of ways, thanks to
your work).

Those dissectors are, from their entries in the list of protocols in the
Netmon GUI for constructing display filters, "generated RPC parsers for
interface XXX"; I assume this means they have something that reads a
DCERPC IDL file and emits a parser.

I think the free DCERPC code includes an IDL parser; would it make sense
for us to modify that into something that can generate an Ethereal
dissector, and use that, plus the IDLs for various services (perhaps
after modifying the IDL language to include additional information to
give nice display names to fields), to generate dissectors for those
services?