Microsoft AT-Scheduler Service (ATSVC)
This is a DCE/RPC-based protocol used by CIFS hosts to access and control the AT-Scheduler Service across a network. This dissector is described by an IDL file and is automatically generated by the Pidl compiler.
History
This protocol first appeared in Windows NT4 and is used to access the scheduler service across a network.
Protocol dependencies
- DCE/RPC: This protocol is implemented on top of the DCE/RPC transport. It is often accessed through the \PIPE\atsvc named pipe on IPC$ but can also be reached through a dynamically assigned TCP port. Accessing this service using TCP as transport requires the support of the EPM Endpoint Mapper service.
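Whichever transport carries it, an ATSVC session starts with a DCE/RPC bind that names the interface, which gives monitoring code a transport-independent point to recognize remote scheduler access. The following is an added example, not part of the original wiki page or of Wireshark: it parses a bind PDU and reports whether the ATSVC interface is offered. The interface UUID is taken from Microsoft's MS-TSCH specification rather than from this page, and `build_sample_bind` produces a constructed PDU for illustration.

```python
import struct
import uuid

# ATSVC interface UUID as published in Microsoft's MS-TSCH specification
# (an assumption of this example; the page itself does not state it).
ATSVC_UUID = uuid.UUID("1ff70682-0a51-30e8-076d-740be8cee98b")
NDR_UUID = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")  # NDR transfer syntax
PTYPE_BIND = 11


def bind_interfaces(pdu: bytes):
    """Return [(context_id, interface_uuid, major, minor)] offered by a bind PDU."""
    if len(pdu) < 28 or pdu[0] != 5 or pdu[2] != PTYPE_BIND:
        return []
    little = bool(pdu[4] & 0x10)          # packed_drep: integer byte order
    e = "<" if little else ">"
    frag_len = struct.unpack_from(e + "H", pdu, 8)[0]
    end = min(frag_len, len(pdu))
    n_ctx, off, found = pdu[24], 28, []   # context list follows the bind header
    for _ in range(n_ctx):
        if off + 24 > end:                # truncated or malformed element
            break
        ctx_id, n_xfer = struct.unpack_from(e + "HBx", pdu, off)
        raw = pdu[off + 4:off + 20]
        iface = uuid.UUID(bytes_le=raw) if little else uuid.UUID(bytes=raw)
        version = struct.unpack_from(e + "I", pdu, off + 20)[0]
        found.append((ctx_id, iface, version & 0xFFFF, version >> 16))
        off += 24 + 20 * n_xfer           # skip the transfer syntaxes
    return found


def is_atsvc_bind(pdu: bytes) -> bool:
    return any(iface == ATSVC_UUID for _, iface, _, _ in bind_interfaces(pdu))


def build_sample_bind(iface: uuid.UUID, major: int = 1, minor: int = 0) -> bytes:
    """Constructed little-endian bind PDU with one context (sample input)."""
    ctx = struct.pack("<HBx", 0, 1) + iface.bytes_le
    ctx += struct.pack("<I", (minor << 16) | major)
    ctx += NDR_UUID.bytes_le + struct.pack("<I", 2)
    body = struct.pack("<HHI", 4280, 4280, 0) + struct.pack("<Bxxx", 1) + ctx
    header = struct.pack("<BBBB4sHHI", 5, 0, PTYPE_BIND, 0x03,
                         b"\x10\x00\x00\x00", 16 + len(body), 0, 1)
    return header + body


if __name__ == "__main__":
    print(is_atsvc_bind(build_sample_bind(ATSVC_UUID)))
```

When the named pipe is used, the bytes passed to `bind_interfaces` are the DCE/RPC PDU carried in the SMB payload, not the SMB message itself.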
Wireshark
The ATSVC dissector is fully functional.
Preference Settings
There are no preference settings specific to the ATSVC protocol.
Display Filter
A complete list of ATSVC display filter fields can be found in the display filter reference.
Show only the ATSVC-based traffic:
atsvc
Capture Filter
You cannot directly filter ATSVC protocols while capturing.
Protocol Functions
The ATSVC protocol implements the following functions:
External links
- http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/atsvc.idl IDL definition for the ATSVC interface.
Discussion
Imported from https://wiki.wireshark.org/ATSVC on 2020-08-11 23:11:26 UTC