Ethereal-users: Re: [Ethereal-users] dcerpc.opnum

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>
Date: Wed, 22 Jan 2003 19:49:01 +1100
----- Original Message -----
From: "Tony Fortunato"
Sent: Wednesday, January 22, 2003 1:50 PM
Subject: [Ethereal-users] dcerpc.opnum


> I was looking for more detail regarding DCE/RPC OPNUMs.  Specifically I was
> looking for what requests the various Opnum values represented.


the opnums are relative to which interface/version was used.

to find out which interface/version a particular dcerpc packet with a
particular opnum refers to you must first find and look at the
corresponding dcerpc bind call that initiated the session.

there are probably round hundreds of well known and published dcerpc
interfaces, each with their own opnum space.
on top of this there are probably thousands of private dcerpc interfaces.


the only way to find out is to find the uuid in the dcerpc bind call and
then to find the proper IDL file for that interface, if such an IDL file
exists at all...
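
The lookup described in the reply above, as an added example that is not part of the original message or of Ethereal's code: it reads the interface UUID and version from a bind PDU, remembers them per presentation context id, and uses that to name the opnum of a later request. The interface UUID, the operation names in `IDL` and both sample PDUs are constructed for illustration; fragmented PDUs and alter_context are not handled.

```python
import struct, uuid

BIND, REQUEST = 11, 0  # connection-oriented DCE/RPC packet types
NDR = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")      # NDR transfer syntax
DEMO_IF = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed, not a real interface
# Stand-in for an IDL file: operation names per (uuid, major version). Hypothetical.
IDL = {(str(DEMO_IF), 1): ["DemoOpen", "DemoClose", "DemoQuery"]}

def parse_pdu(data, contexts):
    """Parse one DCE/RPC v5 PDU; bind PDUs fill `contexts` (context id -> interface)."""
    if len(data) < 24 or data[0] != 5:
        raise ValueError("not a complete DCE/RPC v5 connection-oriented PDU")
    little = bool(data[4] & 0x10)            # drep byte 0: integer byte order
    e = "<" if little else ">"
    if data[2] == BIND:
        off = 28                             # first context element
        for _ in range(data[24]):            # n_context_elem
            ctx_id, n_xfer = struct.unpack_from(e + "HBx", data, off)
            raw = data[off + 4:off + 20]     # abstract syntax = interface UUID
            if_uuid = uuid.UUID(bytes_le=raw) if little else uuid.UUID(bytes=raw)
            ver = struct.unpack_from(e + "I", data, off + 20)[0]
            contexts[ctx_id] = (str(if_uuid), ver & 0xFFFF, ver >> 16)
            off += 24 + 20 * n_xfer          # skip the offered transfer syntaxes
        return ("bind",)
    if data[2] == REQUEST:
        ctx_id, opnum = struct.unpack_from(e + "HH", data, 20)
        return ("request", contexts.get(ctx_id), opnum)
    return ("other",)

def name_requests(pdus):
    """Resolve each request's opnum through the interface bound to its context id."""
    contexts, out = {}, []
    for raw_pdu in pdus:
        kind, *rest = parse_pdu(raw_pdu, contexts)
        if kind == "request":
            iface, opnum = rest
            ops = IDL.get(iface[:2], []) if iface else []
            out.append((iface, opnum, ops[opnum] if opnum < len(ops) else None))
    return out

def build(ptype, body):  # builds the constructed sample PDUs (little-endian drep)
    return struct.pack("<BBBB4sHHI", 5, 0, ptype, 3, b"\x10\0\0\0", 16 + len(body), 0, 1) + body

SAMPLE_BIND = build(BIND, struct.pack("<HHIBxxx", 4280, 4280, 0, 1)
                    + struct.pack("<HBx16sI", 0, 1, DEMO_IF.bytes_le, 1)
                    + NDR.bytes_le + struct.pack("<I", 2))
SAMPLE_REQUEST = build(REQUEST, struct.pack("<IHH", 0, 0, 2))  # context 0, opnum 2

if __name__ == "__main__":
    print(name_requests([SAMPLE_BIND, SAMPLE_REQUEST]))
```

A request seen without its bind resolves to no interface at all, which is why a capture that starts mid-session cannot be decoded by opnum alone.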