RPCNetlogon provides workstations, member servers and trusted domains with access to the centralised, shared authentication database in WinNT networks. This protocol also includes NT4 level synchronisation of user accounts between a PDC and BDC, as well as many other services.
The RPCNetlogon dissector is partially functional. There are still a number of unknown commands and fields.
A complete list of RPCNetlogon display filter fields can be found in the display filter reference.
Show only the RPCNetlogon based traffic:
You cannot directly filter RPCNetlogon protocols while capturing.
- Samba4 IDL for RPCNetlogon
We still don't entirely understand this protocol; some of the open questions are collected on the RPCNetlogon/OpenQuestions page.
Imported from https://wiki.wireshark.org/RPCNetlogon on 2020-08-11 23:24:04 UTC