Ethereal-dev: [Ethereal-dev] DCERPC: problems with connectionless conversations, need some hel

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Thu, 27 May 2004 19:44:36 +0200

Hi List!

I'm having problems with DCE-RPC over UDP (connectionless) conversations. I have a capture file, which incorrectly displays some fragments as related, which are not related at all.

Having a look into the sources, I found the following comment (packet-dcerpc.c line 4450, function dissect_dcerpc_dg):

   /*
    * keeping track of the conversation shouldn't really be necessary
    * for connectionless packets, because everything we need to know
    * to dissect is in the header for each packet.  Unfortunately,
    * Microsoft's implementation is buggy and often puts the
    * completely wrong if_id in the header.  go figure.  So, keep
    * track of the seqnum and use that if possible.  Note: that's not
    * completely correct.  It should really be done based on both the
    * activity_id and seqnum.  I haven't seen anywhere that it would
    * make a difference, but for future reference...
    */

... and now the time has come?

Could someone give me a helping hand with how this should be implemented?

Maybe add an activity_id value to the dcerpc_call_key?

As mentioned, I have a capture which shows the problem (around 60KB), if someone is interested.

Regards, ULFL
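
The mismatch described in the message above, as an added example that is not part of the original post and is not Ethereal's code: a call table keyed on seqnum alone ties the second activity's response to the first activity's request, while keying on activity id plus seqnum keeps them apart. All type and function names here (`dg_pdu`, `call_table`, `track_pdu`) and the four-PDU capture are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Simplified, hypothetical stand-ins for illustration; not Ethereal's structures. */
typedef struct {
    uint8_t  act_id[16];         /* activity UUID from the connectionless header */
    uint32_t seqnum;             /* sequence number from the same header */
    int      is_request, frame;  /* direction; frame number in the capture */
} dg_pdu;

typedef struct { uint8_t act_id[16]; uint32_t seqnum; int req_frame; } call_entry;
#define MAX_CALLS 16
typedef struct { call_entry e[MAX_CALLS]; int n; int use_act_id; } call_table;

/* Key comparison: seqnum alone, or seqnum plus activity id. */
static int key_matches(const call_table *t, const call_entry *e, const dg_pdu *p) {
    if (e->seqnum != p->seqnum) return 0;
    return !t->use_act_id || memcmp(e->act_id, p->act_id, 16) == 0;
}

/* Record requests; for a response, return the request frame it is matched to (0 if none). */
int track_pdu(call_table *t, const dg_pdu *p) {
    for (int i = 0; i < t->n; i++)
        if (key_matches(t, &t->e[i], p))
            return p->is_request ? 0 : t->e[i].req_frame;
    if (p->is_request && t->n < MAX_CALLS) {
        call_entry *e = &t->e[t->n++];
        memcpy(e->act_id, p->act_id, 16);
        e->seqnum = p->seqnum; e->req_frame = p->frame;
    }
    return 0;
}

/* Constructed capture: activities A and B both use seqnum 0.
 * Returns the request frame that B's response (frame 4) is matched to. */
int match_for_second_activity(int use_act_id) {
    call_table t = { .n = 0, .use_act_id = use_act_id };
    dg_pdu pdus[4] = {
        { {0xAA}, 0, 1, 1 },  /* A request  */
        { {0xBB}, 0, 1, 2 },  /* B request  */
        { {0xAA}, 0, 0, 3 },  /* A response */
        { {0xBB}, 0, 0, 4 },  /* B response */
    };
    int matched = 0;
    for (int i = 0; i < 4; i++)
        matched = track_pdu(&t, &pdus[i]);
    return matched;
}
```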