Differences between revisions 2 and 3
Revision 2 as of 2006-06-05 03:19:15
Size: 1444
Editor: localhost
Comment:
Revision 3 as of 2008-04-12 17:50:27
Size: 1446
Editor: localhost
Comment: converted to 1.6 markup
Line 4: Line 4:
This is the endpoint mapper for the ["DCE/RPC"] protocol and an integral part of it. This is the endpoint mapper for the [[DCE/RPC]] protocol and an integral part of it.
Line 14: Line 14:
 * ["DCE/RPC"]: EPM uses ["DCE/RPC"] as its transport protocol.  * [[DCE/RPC]]: EPM uses [[DCE/RPC]] as its transport protocol.
Line 33: Line 33:
A complete list of EPM display filter fields can be found in the [http://www.wireshark.org/docs/dfref/e/epm.html display filter reference] A complete list of EPM display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/e/epm.html|display filter reference]]
Line 40: Line 40:
You cannot directly filter EPM protocols while capturing. See ["DCE/RPC"] how to filter on that protocol. You cannot directly filter EPM protocols while capturing. See [[DCE/RPC]] how to filter on that protocol.
Line 44: Line 44:
 * EPM is part of the ["DCE/RPC"] specification  * EPM is part of the [[DCE/RPC]] specification

DCE/RPC Endpoint Mapper (EPM)

This is the endpoint mapper for the DCE/RPC protocol and an integral part of it.

A client calls the endpoint mapper at the server to ask for a "well known" service. The server answers with the addresses at which this service is available (or reports that the service is not available at all).
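One way to recognise this exchange inside DCE/RPC traffic, as an added example (not code from the Wireshark project): it records which presentation context a bind ties to the EPM interface and names the operations later called on it. The EPM and NDR UUIDs and the operation names are well-known values that do not appear on this page, and the sample PDUs are constructed.

```python
import struct
import uuid
# Well-known EPM interface and NDR transfer-syntax UUIDs (assumed; not on this page).
EPM_UUID = uuid.UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa")
NDR_UUID = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")
EPM_OPS = {0: "ept_insert", 1: "ept_delete", 2: "ept_lookup", 3: "ept_map"}
PT_REQUEST, PT_BIND = 0, 11

class EpmTracker:
    """Per-connection state; feed() returns 'bind', an EPM operation name, or None."""
    def __init__(self):
        self.epm_ctx = set()                       # context ids bound to EPM

    def feed(self, pdu):
        if len(pdu) < 16 or pdu[0] != 5:           # connection-oriented RPC is version 5
            return None
        e = "<" if pdu[4] & 0x10 else ">"          # integer byte order from the data rep
        pdu = pdu[:struct.unpack_from(e + "H", pdu, 8)[0]]   # trim to frag_length
        if len(pdu) >= 28 and pdu[2] == PT_BIND:
            return self._bind(pdu, e)
        if len(pdu) >= 24 and pdu[2] == PT_REQUEST:
            ctx, opnum = struct.unpack_from(e + "HH", pdu, 20)
            if ctx in self.epm_ctx:
                return EPM_OPS.get(opnum, "epm_opnum_%d" % opnum)
        return None

    def _bind(self, pdu, e):
        off, found = 28, False                     # 16 header + 8 bind fields + 4 list header
        for _ in range(pdu[24]):                   # n_context_elem
            if off + 24 > len(pdu):
                break                              # malformed or truncated list
            ctx, n_syn = struct.unpack_from(e + "HBx", pdu, off)
            raw = pdu[off + 4:off + 20]            # abstract syntax (interface) UUID
            iface = uuid.UUID(bytes_le=raw) if e == "<" else uuid.UUID(bytes=raw)
            if iface == EPM_UUID:
                self.epm_ctx.add(ctx)
                found = True
            off += 24 + 20 * n_syn                 # skip version and transfer syntaxes
        return "bind" if found else None

def sample_pdu(ptype, body):
    """Constructed little-endian PDU: 16-byte common header followed by body."""
    return struct.pack("<BBBB4sHHI", 5, 0, ptype, 3, b"\x10\0\0\0", 16 + len(body), 0, 1) + body
def sample_bind(iface, ctx=0):
    body = struct.pack("<HHIBxH", 4280, 4280, 0, 1, 0) + struct.pack("<HBx", ctx, 1)
    body += iface.bytes_le + struct.pack("<HH", 3, 0) + NDR_UUID.bytes_le + struct.pack("<I", 2)
    return sample_pdu(PT_BIND, body)
def sample_request(ctx, opnum):
    return sample_pdu(PT_REQUEST, struct.pack("<IHH", 0, ctx, opnum))
```

Feed the tracker the reassembled PDUs of one connection in order; a request is only attributed to EPM when an earlier bind on that connection offered the EPM interface for the same context id.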

History

XXX - add a brief description of EPM history

Protocol dependencies

  • DCE/RPC: EPM uses DCE/RPC as its transport protocol.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The EPM dissector is fully functional.

Preference Settings

There are no EPM specific preference settings.

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of EPM display filter fields can be found in the display filter reference (http://www.wireshark.org/docs/dfref/e/epm.html).

  • Show only the EPM based traffic:

     epm 

Capture Filter

You cannot directly filter EPM protocols while capturing. See DCE/RPC for how to filter on that protocol.

  • EPM is part of the DCE/RPC specification

Discussion

EPM (last edited 2008-04-12 17:50:27 by localhost)