WINREG

Microsoft Windows Remote Registry Service (WINREG)

This is a DCE/RPC based protocol used by CIFS hosts to access the registry across a network. This dissector is described by an IDL file and is automatically generated by the Pidl compiler.

History

This protocol first appeared in Windows NT4 and is used to access the registry across a network.

Protocol dependencies

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The WINREG dissector is partially functional and incomplete awaiting the protocol and its idl file to be fully analyzed.

Preference Settings

There are no preference setting specific to the WINREG protocol.

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of WINREG display filter fields can be found in the display filter reference

Show only the WINREG based traffic:

 winreg 

Capture Filter

You cannot directly filter WINREG protocols while capturing.

Protocol Functions

The WINREG protocol implements the following functions:

External links

Discussion


Imported from https://wiki.wireshark.org/WINREG on 2020-08-11 23:27:29 UTC