This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 4 and 5
Revision 4 as of 2006-06-05 03:19:24
Size: 1737
Editor: localhost
Comment:
Revision 5 as of 2008-04-12 17:50:14
Size: 1741
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 12: Line 12:
 * ["DCE/RPC"]: RPCNetlogon uses ["DCE/RPC"] as its transport protocol.  * [[DCE/RPC]]: RPCNetlogon uses [[DCE/RPC]] as its transport protocol.
Line 31: Line 31:
A complete list of RPCNetlogon display filter fields can be found in the [http://www.wireshark.org/docs/dfref/r/rpc_netlogon.html display filter reference] A complete list of RPCNetlogon display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/r/rpc_netlogon.html|display filter reference]]
Line 42: Line 42:
 * [http://samba.org/ftp/unpacked/samba4/source/librpc/idl/netlogon.idl Samba4 IDL] for RPCNetlogon  * [[http://samba.org/ftp/unpacked/samba4/source/librpc/idl/netlogon.idl|Samba4 IDL]] for RPCNetlogon
Line 47: Line 47:
We still don't entirely understand this protocol, and we have some of these on the ["RPCNetlogon/OpenQuestions"] page. We still don't entirely understand this protocol, and we have some of these on the [[RPCNetlogon/OpenQuestions]] page.

Microsoft Network Logon (RPCNetlogon)

RPCNetlogon provides workstations, member servers and trusted domains with access to the centralised, shared authentication database in WinNT networks. This protocol also includes NT4 level syncrosisation of user accounts between a PDC and BDC, as well as many other services.

History

XXX - add a brief description of RPCNetlogon history

Protocol dependencies

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The RPCNetlogon dissector is partially functional. There are still a number of unknown commands and feilds.

Preference Settings

(XXX add links to preference settings affecting how RPCNetlogon is dissected).

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of RPCNetlogon display filter fields can be found in the display filter reference

  • Show only the RPCNetlogon based traffic:

     rpc_netlogon 

Capture Filter

You cannot directly filter RPCNetlogon protocols while capturing.

Discussion

Open Questions

We still don't entirely understand this protocol, and we have some of these on the RPCNetlogon/OpenQuestions page.

RPCNetlogon (last edited 2012-12-17 20:39:34 by SadeqDousti)