Microsoft INITSHUTDOWN interface
This protocol first appeared with the release of Active Directory (Windows 2000).
DCE/RPC: This protocol is implemented ontop of the DCE/RPC transport. This protocol is often access from the \PIPE\InitShutdown named pipe on IPC$ but in some cases, it can also be reached through a dynamically assigned TCP port.
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The INITSHUTDOWN dissector is fully functional.
There are no preference settings specific to the INITSHUTDOWN protocol.
Example capture file
Someone should donate a capture for this protocol
A complete list of INITSHUTDOWN display filter fields can be found in the display filter reference
Show only the INITSHUTDOWN based traffic:
You cannot directly filter INITSHUTDOWN protocols while capturing.
The INITSHUTDOWN interface supports the following operations:
http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/initshutdown.idl IDL definition for the INITSHUTDOWN interface.