Differences between revisions 2 and 3

Microsoft INITSHUTDOWN interface

This is a DCE/RPC based protocol used by CIFS hosts to remotely shutdown or restart other CIFS hosts. This dissector is described by an IDL file and is automatically generated by the Pidl compiler.

History

This protocol first appeared with the release of Active Directory (Windows 2000).

Protocol dependencies

DCE/RPC: This protocol is implemented ontop of the DCE/RPC transport. This protocol is often access from the \PIPE\InitShutdown named pipe on IPC$ but in some cases, it can also be reached through a dynamically assigned TCP port.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The INITSHUTDOWN dissector is fully functional.

Preference Settings

There are no preference settings specific to the INITSHUTDOWN protocol.

Example capture file

Someone should donate a capture for this protocol

Display Filter

A complete list of INITSHUTDOWN display filter fields can be found in the display filter reference

Show only the INITSHUTDOWN based traffic:
```
 initshutdown 
```

Capture Filter

You cannot directly filter INITSHUTDOWN protocols while capturing.

Protocol Functions

The INITSHUTDOWN interface supports the following operations:

External links

http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/initshutdown.idl IDL definition for the INITSHUTDOWN interface.

-  ⇤ ← Revision 2 as of 2006-06-05 03:19:16 → 
  Size: 1727
  Editor: localhost
  Comment:
+   ← Revision 3 as of 2008-04-12 17:51:29 → ⇥
  Size: 1731
  Editor: localhost
  Comment: converted to 1.6 markup
-Deletions are marked like this.
+Additions are marked like this.
 Line 4:
-This is a ["DCE/RPC"] based protocol used by ["CIFS"] hosts to remotely shutdown or restart other ["CIFS"] hosts.
This dissector is described by an IDL file and is automatically generated by the ["Pidl"] compiler.
+This is a [[DCE/RPC]] based protocol used by [[CIFS]] hosts to remotely shutdown or restart other [[CIFS]] hosts.
This dissector is described by an IDL file and is automatically generated by the [[Pidl]] compiler.
 Line 13:
- * ["DCE/RPC"]: This protocol is implemented ontop of the ["DCE/RPC"] transport. This protocol is often access from the \PIPE\InitShutdown named pipe on IPC$ but in some cases, it can also be reached through a dynamically assigned ["TCP"] port.
+ * [[DCE/RPC]]: This protocol is implemented ontop of the [[DCE/RPC]] transport. This protocol is often access from the \PIPE\InitShutdown named pipe on IPC$ but in some cases, it can also be reached through a dynamically assigned [[TCP]] port.
 Line 32:
-A complete list of INITSHUTDOWN display filter fields can be found in the [http://www.wireshark.org/docs/dfref/i/initshutdown.html display filter reference]
+A complete list of INITSHUTDOWN display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/i/initshutdown.html|display filter reference]]
 Line 44:
- * ["initshutdown_Init"]
 * ["initshutdown_Abort"]
 * ["initshutdown_InitEx"]
+ * [[initshutdown_Init]]
 * [[initshutdown_Abort]]
 * [[initshutdown_InitEx]]
 Line 50:
- * [http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/initshutdown.idl] IDL definition for the INITSHUTDOWN interface.
+ * [[http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/initshutdown.idl]] IDL definition for the INITSHUTDOWN interface.

Diff for "INITSHUTDOWN"