This is a DCE/RPC based protocol used by CIFS hosts to access/control the AT-Scheduler Service across a network. This dissector is described by an IDL file and is automatically generated by the Pidl compiler.
This protocol first appeared in Windows NT4 and is used to access the scheduler service across a network.
- DCE/RPC: This protocol is implemented ontop of the DCE/RPC transport. This protocol is often access from the \PIPE\atsvc named pipe on IPC$ but can also be reached through a dynamically assigned TCP port. Accessing this service using TCP as transport requires the support of the EPM Endpoint Mapper service.
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The ATSVC dissector is fully functional.
There are no preference setting specific to the ATSVC protocol.
XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
A complete list of ATSVC display filter fields can be found in the display filter reference
Show only the ATSVC based traffic:
You cannot directly filter ATSVC protocols while capturing.
The ATSVC protocol implements the following functions:
- http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/atsvc.idl IDL definition for the ATSVC interface.
Imported from https://wiki.wireshark.org/ATSVC on 2020-08-11 23:11:26 UTC