This protocol first appeared with the release of Active Directory (Windows 2000).
- DCE/RPC: This protocol is implemented on top of the DCE/RPC transport. It is often accessed through the \PIPE\InitShutdown named pipe on IPC$, but in some cases it can also be reached through a dynamically assigned TCP port.
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The INITSHUTDOWN dissector is fully functional.
There are no preference settings specific to the INITSHUTDOWN protocol.
Someone should donate a capture for this protocol.
A complete list of INITSHUTDOWN display filter fields can be found in the display filter reference.
Show only the INITSHUTDOWN-based traffic:
You cannot directly filter INITSHUTDOWN protocols while capturing.
The INITSHUTDOWN interface supports the following operations:
- http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/initshutdown.idl IDL definition for the INITSHUTDOWN interface.
Imported from https://wiki.wireshark.org/INITSHUTDOWN on 2020-08-11 23:15:06 UTC