Differences between revisions 10 and 11
Revision 10 as of 2006-06-05 03:19:13
Size: 3454
Editor: localhost
Comment:
Revision 11 as of 2008-04-12 17:51:33
Size: 3482
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:
This is a ["DCE/RPC"] based protocol used by ["CIFS"] hosts to obtain information about the Active Directory configuration of a remote host.
This dissector is described by an IDL file and is automatically generated by the ["Pidl"] compiler.
This is a [[DCE/RPC]] based protocol used by [[CIFS]] hosts to obtain information about the Active Directory configuration of a remote host.
This dissector is described by an IDL file and is automatically generated by the [[Pidl]] compiler.
Line 15: Line 15:
 * ["DCE/RPC"]: This protocol is implemented ontop of the ["DCE/RPC"] transport. This protocol is often access from the \PIPE\lsarpc named pipe on IPC$ but in some cases, it can also be reached through a dynamically assigned ["TCP"] port.  * [[DCE/RPC]]: This protocol is implemented ontop of the [[DCE/RPC]] transport. This protocol is often access from the \PIPE\lsarpc named pipe on IPC$ but in some cases, it can also be reached through a dynamically assigned [[TCP]] port.
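Review bot: The converted line at Line 15 still carries two wording errors from revision 10, "implemented ontop of" and "is often access from the \PIPE\lsarpc named pipe". Since the line is being touched anyway, change them to "implemented on top of" and "is often accessed through", leaving the link markup as converted.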
Line 31: Line 31:
 * attachment:SampleCaptures/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap
 * attachment:SampleCaptures/dssetup_DsRoleGetPrimaryDomainInformation_ad_member.cap
 * attachment:SampleCaptures/dssetup_DsRoleGetPrimaryDomainInformation_ad_dc.cap
 * attachment:SampleCaptures/dssetup_DsRoleDnsNameToFlatName_w2k3_op_rng_error.cap
 * attachment:SampleCaptures/dssetup_DsRoleDnsNameToFlatName_w2k.cap
 * attachment:SampleCaptures/dssetup_DsRoleUpgradeDownlevelServer_MS04-011_exploit.cap
 * [[attachment:SampleCaptures/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap]]
 * [[attachment:SampleCaptures/dssetup_DsRoleGetPrimaryDomainInformation_ad_member.cap]]
 * [[attachment:SampleCaptures/dssetup_DsRoleGetPrimaryDomainInformation_ad_dc.cap]]
 * [[attachment:SampleCaptures/dssetup_DsRoleDnsNameToFlatName_w2k3_op_rng_error.cap]]
 * [[attachment:SampleCaptures/dssetup_DsRoleDnsNameToFlatName_w2k.cap]]
 * [[attachment:SampleCaptures/dssetup_DsRoleUpgradeDownlevelServer_MS04-011_exploit.cap]]
Line 39: Line 39:
A complete list of DSSETUP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/d/dssetup.html display filter reference] A complete list of DSSETUP display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/d/dssetup.html|display filter reference]]
Line 51: Line 51:
 * ["dssetup_DsRoleGetPrimaryDomainInformation"] (Windows 2000 and >)
 * ["dssetup_DsRoleDnsNameToFlatName"] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * ["dssetup_DsRoleDcAsDc"] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * ["dssetup_DsRoleDcAsReplica"] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * ["dssetup_DsRoleDemoteDc"] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * ["dssetup_DsRoleGetDcOperationProgress"] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * ["dssetup_DsRoleGetDcOperationResults"] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * ["dssetup_DsRoleCancel"] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * ["dssetup_DsRoleServerSaveStateForUpgrade"] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * ["dssetup_DsRoleUpgradeDownlevelServer"] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * ["dssetup_DsRoleAbortDownlevelServerUpgrade"] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * [[dssetup_DsRoleGetPrimaryDomainInformation]] (Windows 2000 and >)
 * [[dssetup_DsRoleDnsNameToFlatName]] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * [[dssetup_DsRoleDcAsDc]] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * [[dssetup_DsRoleDcAsReplica]] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * [[dssetup_DsRoleDemoteDc]] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * [[dssetup_DsRoleGetDcOperationProgress]] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * [[dssetup_DsRoleGetDcOperationResults]] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * [[dssetup_DsRoleCancel]] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * [[dssetup_DsRoleServerSaveStateForUpgrade]] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * [[dssetup_DsRoleUpgradeDownlevelServer]] (only in Windows 2000 and Windows XP without MS04-011 applied)
 * [[dssetup_DsRoleAbortDownlevelServerUpgrade]] (only in Windows 2000 and Windows XP without MS04-011 applied)
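Review bot: The first entry at Line 51 keeps the shorthand "(Windows 2000 and >)", which reads as a stray comparison operator next to the explicit "only in Windows 2000 and Windows XP without MS04-011 applied" wording on every other entry. Suggest "(Windows 2000 and later)" so the one operation that survives MS04-011 is stated as clearly as the ones that do not.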
Line 65: Line 65:
 * [http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/dssetup.idl] IDL definition for the DSSETUP interface.  * [[http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/dssetup.idl]] IDL definition for the DSSETUP interface.
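Review bot: The converted external link at Line 65, `[[http://websvn.samba.org/.../dssetup.idl]]`, has no label, unlike the Line 39 link, which was converted to the `[[url|display filter reference]]` form. Suggest giving it a label such as "dssetup.idl" so the entry does not render as a bare URL followed by its description.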

Microsoft DSSETUP (Active Directory Services Setup) interface

This is a DCE/RPC based protocol used by CIFS hosts to obtain information about the Active Directory configuration of a remote host. This dissector is described by an IDL file and is automatically generated by the Pidl compiler.

History

This protocol first appeared with the release of Active Directory (Windows 2000). The MS04-011 security patch removed all the operations of the DSSETUP interface except the first one (DsRoleGetPrimaryDomainInformation).

In Windows Server 2003 and later (including Windows XP SP2), the DSSETUP interface only supports the first operation.
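Because MS04-011 leaves only the first operation in place, a monitor can flag any DSSETUP request whose opnum is not 0. The following is an added example, not part of the wiki page or of Wireshark's dissector. It assumes the PDUs have already been attributed to a DSSETUP binding and that opnums follow the order of the interface's operation list; `request_opnum`, `classify` and `make_request` are hypothetical names, and the sample PDUs are constructed.

```python
import struct

# Assumption: opnums follow the order of the DSSETUP operation list, so
# opnum 0 is the only operation still served once MS04-011 is applied.
DSSETUP_OPS = [
    "DsRoleGetPrimaryDomainInformation", "DsRoleDnsNameToFlatName",
    "DsRoleDcAsDc", "DsRoleDcAsReplica", "DsRoleDemoteDc",
    "DsRoleGetDcOperationProgress", "DsRoleGetDcOperationResults",
    "DsRoleCancel", "DsRoleServerSaveStateForUpgrade",
    "DsRoleUpgradeDownlevelServer", "DsRoleAbortDownlevelServerUpgrade",
]
PTYPE_REQUEST = 0

def request_opnum(pdu: bytes):
    """Return the opnum of a connection-oriented DCE/RPC request PDU, else None."""
    if len(pdu) < 24 or pdu[0] != 5 or pdu[2] != PTYPE_REQUEST:
        return None
    # drep[0] high nibble: 1 = little-endian integers, 0 = big-endian
    order = "<" if pdu[4] >> 4 == 1 else ">"
    frag_len, = struct.unpack_from(order + "H", pdu, 8)
    if frag_len < 24 or frag_len > len(pdu):
        return None  # truncated or malformed fragment
    # request body at offset 16: alloc_hint(4) p_cont_id(2) opnum(2)
    _alloc, _ctx, opnum = struct.unpack_from(order + "IHH", pdu, 16)
    return opnum

def classify(pdu: bytes) -> str:
    """'ok:' for opnum 0, 'alert:' for any operation removed by MS04-011."""
    opnum = request_opnum(pdu)
    if opnum is None:
        return "not-a-request"
    name = DSSETUP_OPS[opnum] if opnum < len(DSSETUP_OPS) else f"unknown({opnum})"
    return f"ok:{name}" if opnum == 0 else f"alert:{name}"

def make_request(opnum: int, little_endian: bool = True) -> bytes:
    """Build a constructed request header with no stub data, for the demo."""
    order = "<" if little_endian else ">"
    drep = bytes([0x10 if little_endian else 0x00, 0, 0, 0])
    return (bytes([5, 0, PTYPE_REQUEST, 0x03]) + drep
            + struct.pack(order + "HHI", 24, 0, 1)      # frag_len, auth_len, call_id
            + struct.pack(order + "IHH", 0, 0, opnum))  # alloc_hint, ctx id, opnum

if __name__ == "__main__":
    for op in (0, 9):
        print(classify(make_request(op)))
```
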

Protocol dependencies

  • DCE/RPC: This protocol is implemented on top of the DCE/RPC transport. It is often accessed through the \PIPE\lsarpc named pipe on IPC$, but in some cases it can also be reached through a dynamically assigned TCP port.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The DSSETUP dissector is fully functional.

Preference Settings

There are no preference settings specific to the DSSETUP protocol.

Example capture file

Display Filter

A complete list of DSSETUP display filter fields can be found in the display filter reference.

  • Show only the DSSETUP based traffic:

     dssetup 

Capture Filter

You cannot directly filter DSSETUP protocols while capturing.

Protocol Functions

The DSSETUP interface supports the following operations:

Discussion

DSSETUP (last edited 2008-04-12 17:51:33 by localhost)