Differences between revisions 1 and 2
Revision 1 as of 2005-04-01 12:52:34
Size: 1440
Editor: UlfLamping
Comment: first content
Revision 2 as of 2006-06-05 03:19:15
Size: 1444
Editor: localhost
Comment:
Deletions are marked like this. Additions are marked like this.
Line 18: Line 18:
XXX - Add example traffic here (as plain text or Ethereal screenshot). XXX - Add example traffic here (as plain text or Wireshark screenshot).
Line 20: Line 20:
== Ethereal == == Wireshark ==
Line 30: Line 30:
XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically. XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
Line 33: Line 33:
A complete list of EPM display filter fields can be found in the [http://www.ethereal.com/docs/dfref/e/epm.html display filter reference] A complete list of EPM display filter fields can be found in the [http://www.wireshark.org/docs/dfref/e/epm.html display filter reference]

DCE/RPC Endpoint Mapper (EPM)

This is the endpoint mapper for the ["DCE/RPC"] protocol and an integral part of it.

A client will call the endpoint mapper at the server to ask for a "well known" service. The server will answer the client at which addresses this service is available (or if this service is not available at all).

History

XXX - add a brief description of EPM history

Protocol dependencies

  • ["DCE/RPC"]: EPM uses ["DCE/RPC"] as its transport protocol.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The EPM dissector is fully functional.

Preference Settings

There are no EPM specific preference settings.

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of EPM display filter fields can be found in the [http://www.wireshark.org/docs/dfref/e/epm.html display filter reference]

  • Show only the EPM based traffic:

     epm 

Capture Filter

You cannot directly filter EPM protocols while capturing. See ["DCE/RPC"] how to filter on that protocol.

  • EPM is part of the ["DCE/RPC"] specification

Discussion

EPM (last edited 2008-04-12 17:50:27 by localhost)