Microsoft DSSETUP (Active Directory Services Setup) interface
This is a DCE/RPC based protocol used by CIFS hosts to obtain information about the Active Directory configuration of a remote host. This dissector is described by an IDL file and is automatically generated by the Pidl compiler.
History
This protocol first appeared with the release of Active Directory (Windows 2000). The MS04-011 security patch removed all the operations of the DSSETUP interface except the first one (DsRoleGetPrimaryDomainInformation).
In Windows Server 2003 and later (including Windows XP SP2), the DSSETUP interface supports only the first operation.
Protocol dependencies
- DCE/RPC: This protocol is implemented on top of the DCE/RPC transport. It is often accessed through the \PIPE\lsarpc named pipe on IPC$, but in some cases it can also be reached through a dynamically assigned TCP port.
Example traffic
XXX - Add example traffic here (as plain text or Wireshark screenshot).
Wireshark
The DSSETUP dissector is fully functional.
Preference Settings
There are no preference settings specific to the DSSETUP protocol.
Example capture file
- SampleCaptures/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap
- SampleCaptures/dssetup_DsRoleGetPrimaryDomainInformation_ad_member.cap
- SampleCaptures/dssetup_DsRoleGetPrimaryDomainInformation_ad_dc.cap
- SampleCaptures/dssetup_DsRoleDnsNameToFlatName_w2k3_op_rng_error.cap
- SampleCaptures/dssetup_DsRoleUpgradeDownlevelServer_MS04-011_exploit.cap
Display Filter
A complete list of DSSETUP display filter fields can be found in the display filter reference.
Show only the DSSETUP based traffic:
dssetup
Capture Filter
You cannot directly filter DSSETUP protocols while capturing.
Protocol Functions
The DSSETUP interface supports the following operations:
- dssetup_DsRoleGetPrimaryDomainInformation (Windows 2000 and >)
- dssetup_DsRoleDnsNameToFlatName (only in Windows 2000 and Windows XP without MS04-011 applied)
- dssetup_DsRoleDcAsDc (only in Windows 2000 and Windows XP without MS04-011 applied)
- dssetup_DsRoleDcAsReplica (only in Windows 2000 and Windows XP without MS04-011 applied)
- dssetup_DsRoleDemoteDc (only in Windows 2000 and Windows XP without MS04-011 applied)
- dssetup_DsRoleGetDcOperationProgress (only in Windows 2000 and Windows XP without MS04-011 applied)
- dssetup_DsRoleGetDcOperationResults (only in Windows 2000 and Windows XP without MS04-011 applied)
- dssetup_DsRoleCancel (only in Windows 2000 and Windows XP without MS04-011 applied)
- dssetup_DsRoleServerSaveStateForUpgrade (only in Windows 2000 and Windows XP without MS04-011 applied)
- dssetup_DsRoleUpgradeDownlevelServer (only in Windows 2000 and Windows XP without MS04-011 applied)
- dssetup_DsRoleAbortDownlevelServerUpgrade (only in Windows 2000 and Windows XP without MS04-011 applied)
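Because MS04-011 leaves only the first operation in place, a DSSETUP request for any other operation is worth flagging when reviewing traffic. The following is an added example, not Wireshark or Samba code: it tracks which presentation contexts a DCE/RPC bind ties to DSSETUP and classifies each request by opnum. The interface UUID (a well-known value not stated on this page), the mapping of opnums to the list order above, the single-connection context tracking, and the sample PDUs are assumptions of this example.

```python
import struct
import uuid

# DSSETUP interface UUID: well-known value, not stated on this page.
DSSETUP_UUID = uuid.UUID("3919286a-b10c-11d0-9ba8-00c04fd92ef5")
# Assumption: opnums follow the order of the operation list on this page.
OPS = ["dssetup_DsRole" + n for n in (
    "GetPrimaryDomainInformation", "DnsNameToFlatName", "DcAsDc", "DcAsReplica",
    "DemoteDc", "GetDcOperationProgress", "GetDcOperationResults", "Cancel",
    "ServerSaveStateForUpgrade", "UpgradeDownlevelServer",
    "AbortDownlevelServerUpgrade")]
PTYPE_REQUEST, PTYPE_BIND = 0, 11

def classify(pdus):
    """Return (opnum, name, removed_by_ms04_011) per DSSETUP request PDU."""
    ctx_ids, hits = set(), []              # context ids bound to DSSETUP
    for pdu in pdus:
        if len(pdu) < 24 or pdu[0] != 5:   # too short or not DCE/RPC v5
            continue
        e = "<" if pdu[4] & 0x10 else ">"  # data representation: byte order
        if pdu[2] == PTYPE_BIND and len(pdu) >= 28:
            off = 28                       # first presentation context element
            for _ in range(pdu[24]):       # pdu[24] = number of context elements
                if off + 24 > len(pdu):
                    break
                cid, n_ts = struct.unpack_from(e + "HB", pdu, off)
                raw = pdu[off + 4:off + 20]
                iface = uuid.UUID(bytes_le=raw) if e == "<" else uuid.UUID(bytes=raw)
                if iface == DSSETUP_UUID:
                    ctx_ids.add(cid)
                off += 24 + 20 * n_ts      # skip this element's transfer syntaxes
        elif pdu[2] == PTYPE_REQUEST:
            cid, opnum = struct.unpack_from(e + "HH", pdu, 20)
            if cid in ctx_ids:
                name = OPS[opnum] if opnum < len(OPS) else "unknown"
                hits.append((opnum, name, opnum != 0))
    return hits

def make_pdu(ptype, body):  # constructed sample helper: little-endian header
    return struct.pack("<BBBB4sHHI", 5, 0, ptype, 3, b"\x10\0\0\0",
                       16 + len(body), 0, 1) + body
SAMPLE = [  # constructed: bind DSSETUP on context 0, then opnum 0 and opnum 1
    make_pdu(11, struct.pack("<HHIBxHHBx", 4280, 4280, 0, 1, 0, 0, 1)
             + DSSETUP_UUID.bytes_le + bytes(4) + bytes(20)),  # zeroed syntax
    make_pdu(0, struct.pack("<IHH", 0, 0, 0)),
    make_pdu(0, struct.pack("<IHH", 0, 0, 1)),
]

if __name__ == "__main__": print(classify(SAMPLE))
```

Requests on contexts that were never bound to DSSETUP are ignored, so the same loop can be fed every DCE/RPC PDU of a connection in order.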
External links
- http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/dssetup.idl IDL definition for the DSSETUP interface.
Discussion
Imported from https://wiki.wireshark.org/DSSETUP on 2020-08-11 23:13:39 UTC