Microsoft Distributed Component Object Model (DCOM)

The distributed object protocol from Microsoft (similar to CORBA but less powerful). As Microsoft is preferring SOAP for this kind of purpose now, you might call it a kind of obsolete.


DCOM uses interfaces and an interface description language (IDL) to define the interfaces/procedures available (it's all much like CORBA).

DCOM defines some common interfaces:

In addition to this, users can define and register their own interfaces.


Microsoft started DCOM with the name ORPC, an abbreviation of Object RPC, as you might find it in some documentation. XXX - add some more description of DCOM history

Protocol dependencies

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).


The DCOM dissector is partially implemented and a lot of dissection it still incomplete / buggy. However, often used methods are implemented, so the dissector should be useful.

Preference Settings

(XXX add links to preference settings affecting how DCOM is dissected).

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of DCOM display filter fields can be found in the display filter reference.

Show only the DCOM based traffic:


Capture Filter

You cannot filter DCOM protocols while capturing.

External links


Imported from https://wiki.wireshark.org/DCOM on 2020-08-11 23:12:34 UTC