Differences between revisions 1 and 3 (spanning 2 versions)
Revision 1 as of 2005-11-29 02:32:46
Size: 1724
Comment:
Revision 3 as of 2008-04-12 17:51:29
Size: 1731
Editor: localhost
Comment: converted to 1.6 markup
Line 4: Line 4:
This is a ["DCE/RPC"] based protocol used by ["CIFS"] hosts to remotely shutdown or restart other ["CIFS"] hosts.
This dissector is described by an IDL file and is automatically generated by the ["Pidl"] compiler.
This is a [[DCE/RPC]] based protocol used by [[CIFS]] hosts to remotely shutdown or restart other [[CIFS]] hosts.
This dissector is described by an IDL file and is automatically generated by the [[Pidl]] compiler.
Line 13: Line 13:
 * ["DCE/RPC"]: This protocol is implemented ontop of the ["DCE/RPC"] transport. This protocol is often access from the \PIPE\InitShutdown named pipe on IPC$ but in some cases, it can also be reached through a dynamically assigned ["TCP"] port.  * [[DCE/RPC]]: This protocol is implemented ontop of the [[DCE/RPC]] transport. This protocol is often access from the \PIPE\InitShutdown named pipe on IPC$ but in some cases, it can also be reached through a dynamically assigned [[TCP]] port.
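Review bot: The revised bullet still carries two typos from revision 1, "implemented ontop of" and "is often access from". Since the line is being rewritten for the link markup anyway, correct them to "on top of" and "is often accessed from".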
Line 17: Line 17:
XXX - Add example traffic here (as plain text or Ethereal screenshot). XXX - Add example traffic here (as plain text or Wireshark screenshot).
Line 19: Line 19:
== Ethereal == == Wireshark ==
Line 32: Line 32:
A complete list of INITSHUTDOWN display filter fields can be found in the [http://www.ethereal.com/docs/dfref/i/initshutdown.html display filter reference] A complete list of INITSHUTDOWN display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/i/initshutdown.html|display filter reference]]
Line 44: Line 44:
 * ["initshutdown_Init"]
 * ["initshutdown_Abort"]
 * ["initshutdown_InitEx"]
 * [[initshutdown_Init]]
 * [[initshutdown_Abort]]
 * [[initshutdown_InitEx]]
Line 50: Line 50:
 * [http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/initshutdown.idl] IDL definition for the INITSHUTDOWN interface.  * [[http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/initshutdown.idl]] IDL definition for the INITSHUTDOWN interface.
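Review bot: The converted IDL link is written as a bare [[URL]] with no label, while the display filter reference link at line 32 uses the [[URL|label]] form. Give this one a label as well (for example "initshutdown.idl") so the rendered bullet does not show the raw viewcvs URL.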

Microsoft INITSHUTDOWN interface

This is a DCE/RPC based protocol used by CIFS hosts to remotely shut down or restart other CIFS hosts. This dissector is described by an IDL file and is automatically generated by the Pidl compiler.

History

This protocol first appeared with the release of Active Directory (Windows 2000).

Protocol dependencies

  • DCE/RPC: This protocol is implemented on top of the DCE/RPC transport. It is often accessed through the \PIPE\InitShutdown named pipe on IPC$, but in some cases it can also be reached through a dynamically assigned TCP port.
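
An added example, not part of the original wiki page or of Wireshark: a small Python check that flags an SMB2 CREATE request opening the InitShutdown pipe, which is how a client reaches this interface over the named-pipe transport described above. It assumes SMB2 framing with the 4-byte TCP session length prefix already stripped; the function names and the sample message are constructed here, and the check does not confirm that the tree is IPC$.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_CREATE = 0x0005            # SMB2 command code for CREATE
SMB2_FLAGS_RESPONSE = 0x00000001
HDR, BODY = 64, 56              # SMB2 header size, fixed part of CREATE request
WATCHED_PIPE = "initshutdown"   # pipe name from the page, compared case-insensitively


def create_request_name(msg: bytes):
    """Return the file name carried by an SMB2 CREATE request, else None."""
    if len(msg) < HDR + BODY or msg[:4] != SMB2_MAGIC:
        return None
    (command,) = struct.unpack_from("<H", msg, 12)
    (flags,) = struct.unpack_from("<I", msg, 16)
    if command != SMB2_CREATE or flags & SMB2_FLAGS_RESPONSE:
        return None
    # NameOffset/NameLength sit 44 bytes into the CREATE body; the offset is
    # counted from the start of the SMB2 header.
    name_off, name_len = struct.unpack_from("<HH", msg, HDR + 44)
    if (name_len == 0 or name_len % 2 or name_off < HDR + BODY
            or name_off + name_len > len(msg)):
        return None  # empty, odd-length or out-of-bounds name: do not trust it
    return msg[name_off:name_off + name_len].decode("utf-16-le", errors="replace")


def opens_initshutdown(msg: bytes) -> bool:
    """True when the message is a request to open the InitShutdown pipe."""
    name = create_request_name(msg)
    return name is not None and name.strip("\\").lower() == WATCHED_PIPE


def build_create(name: str, response: bool = False) -> bytes:
    """Constructed sample message for the demo; not captured traffic."""
    raw = name.encode("utf-16-le")
    header = struct.pack("<4sHHIHHIIQIIQ16s", SMB2_MAGIC, 64, 0, 0, SMB2_CREATE,
                         1, 1 if response else 0, 0, 1, 0, 1, 1, b"\0" * 16)
    body = struct.pack("<HBBIQQIIIIIHHII", 57, 0, 0, 2, 0, 0, 0x0012019F, 0, 7,
                       1, 0, HDR + BODY, len(raw), 0, 0)
    return header + body + raw


if __name__ == "__main__":
    for pipe in ("InitShutdown", "srvsvc"):
        print(pipe, opens_initshutdown(build_create(pipe)))
```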

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The INITSHUTDOWN dissector is fully functional.

Preference Settings

There are no preference settings specific to the INITSHUTDOWN protocol.

Example capture file

Someone should donate a capture for this protocol.

Display Filter

A complete list of INITSHUTDOWN display filter fields can be found in the display filter reference.

  • Show only the INITSHUTDOWN based traffic:

     initshutdown 

Capture Filter

You cannot directly filter on the INITSHUTDOWN protocol while capturing.

Protocol Functions

The INITSHUTDOWN interface supports the following operations:

  • initshutdown_Init

  • initshutdown_Abort

  • initshutdown_InitEx

Discussion

INITSHUTDOWN (last edited 2008-04-12 17:51:29 by localhost)