Hi guys, is an MSRPC::DCOM:RemoteCreateInstance Request/Response decoder planned? And is this feature on demand?

asked 16 Jul '12, 05:24 ltgao
One Answer:
As Wireshark is Open Source software primarily developed by people in their spare time, there isn't much of a plan. Anyway, looking through Wireshark's source code I can see that packet-dcom-sysact.c appears to have some code that mentions RemoteCreateInstance so it would appear that Wireshark may already support this. I assume you've tried it and it doesn't work? If so, I'd suggest that you open a bug report and attach a sample capture so someone with some free time can take a look.

answered 23 Jul '12, 06:57 JeffMorriss ♦
Thank you for the feedback. Yes, packet-dcom-sysact.c has been added to the Wireshark project, but the implementation is not enough. Quite a part of the decoder is not coded. I am planning to contribute this part if no one else is doing this.