OK,
so what you essentially want to do is build a module for Ethereal that
can replay recorded DCERPC sequences to a DCERPC server.

I assume this is in order to replay DCERPC transactions between a host
running the PSR application and either a Windows host or a Unix DCE/DFS
implementation (since these are the only widely used DCE implementations
in existence today; well, Unix DCE/DFS is not exactly in wide use, but
anyway).

This is virtually impossible.

In both cases, before you can issue or replay any commands whatsoever
to the DCE endpoint, you must authenticate.
Authentication involves, in both cases, generation of GSS-KRB tokens,
which is impossible unless you know the plaintext password or have
access to (in the case of DCE/DFS) the keytab file for the host.
GSS-KRB has replay protection, so it is just not possible to replay a
captured authentication token. GSS-KRB would be pointless if it didn't.

The only way that would work, in theory, would be to start with a
full-blown DCE implementation, then add a lot of code to intercept and
decode all data structures.
Then, using the plaintext password (which cannot be extracted from
the capture), generate completely new authentication tokens,
remarshalling the packets etc.
It is just impossible to replay DCE sessions.

Why do you want to replay DCE sessions?
Without knowing the plaintext password of the host whose traffic you
want to replay or the secret keytab file of that host, any and all
replaying of packets would be equivalent to launching a flood ping to
the receiving host.
[ Content deleted ]
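
The replay protection described in the message above, as an added example that is not part of the original post: a simplified model of the acceptor-side checks (integrity, freshness window, replay cache). It is not the Kerberos or GSS-API wire format; the HMAC tag stands in for the encrypted authenticator, and every name, the 300-second window, the principal and the keys are constructed assumptions.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 300  # seconds; assumed clock-skew window for this model

def make_authenticator(session_key, client, ctime, cusec):
    """Client side: bind (client, timestamp) to the shared session key."""
    body = client.encode() + struct.pack(">QI", ctime, cusec)
    return body + hmac.new(session_key, body, hashlib.sha256).digest()

class Acceptor:
    """Server side: integrity check, freshness check, then replay cache."""

    def __init__(self, session_key):
        self.session_key = session_key
        self.seen = {}  # (client, ctime, cusec) -> ctime

    def accept(self, token, now):
        if len(token) < 32 + 12:
            return "malformed"
        body, tag = token[:-32], token[-32:]
        expected = hmac.new(self.session_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-integrity"   # sender does not hold the session key
        client = body[:-12].decode()
        ctime, cusec = struct.unpack(">QI", body[-12:])
        if abs(now - ctime) > MAX_SKEW:
            return "stale"           # outside the freshness window
        # Entries older than the window would be rejected as stale anyway.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        key = (client, ctime, cusec)
        if key in self.seen:
            return "replay"          # identical authenticator already accepted
        self.seen[key] = ctime
        return "ok"

def demo():
    key, t0 = b"constructed-session-key", 1_000_000
    server = Acceptor(key)
    captured = make_authenticator(key, "host/psr@EXAMPLE", t0, 42)
    forged = make_authenticator(b"wrong-key", "host/psr@EXAMPLE", t0 + 3600, 0)
    return [server.accept(captured, t0 + 1),      # original delivery
            server.accept(captured, t0 + 2),      # same token sent again
            server.accept(captured, t0 + 3600),   # same token an hour later
            server.accept(forged, t0 + 3600)]     # fresh timestamp, no session key
```

The replay cache only has to remember tokens for the length of the freshness window, because anything older is already rejected by the timestamp check.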