Re: [tcpdump-workers] DCERPC

2011-04-18 Thread rixed
-[ Wed, Apr 13, 2011 at 10:21:52PM +0900, Andrej van der Zee ]
> It works fine except when
> DCERPC-packets are found in the middle of a data-transfer between an
> HTTP client and server (example of such a DCERPC-packet see below,
> captured with Wireshark).
>
> (...)
>
> [Unreassembled Packet

[tcpdump-workers] DCERPC

2011-04-13 Thread Andrej van der Zee
Hi, I wrote a sniffer using libpcap that re-assembles TCP streams to enable HTTP request/response re-assembly. It works fine except when DCERPC-packets are found in the middle of a data-transfer between an HTTP client and server (example of such a DCERPC-packet see below, captured with Wireshark).