DCOM uses interfaces and an interface description language (IDL) to define the interfaces/procedures available (it's all much like CORBA).
DCOM defines some common interfaces:
In addition to this, users can define and register their own interfaces.
Microsoft started DCOM with the name ORPC, an abbreviation of Object RPC, as you might find it in some documentation. XXX - add some more description of DCOM history
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The DCOM dissector is partially implemented and a lot of dissection it still incomplete / buggy. However, often used methods are implemented, so the dissector should be useful.
(XXX add links to preference settings affecting how DCOM is dissected).
XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
A complete list of DCOM display filter fields can be found in the display filter reference.
Show only the DCOM based traffic:
You cannot filter DCOM protocols while capturing.
DCE 1.1: Remote Procedure Call (C706) - DCE/RPC specification
Distributed Component Object Model Protocol – DCOM/1.0 1998 version of DCOM/1.0 specification (internet draft)
- Understanding the DCOM Wire Protocol by Analyzing Network Data Packets
Imported from https://wiki.wireshark.org/DCOM on 2020-08-11 23:12:34 UTC