I've been trying to communicate with a server over DCE RPC. I ask this question on this list because the source for ethereal seems to be helpful, because it tells me some things about DCE RPC and conversations. However, I haven't been able to make complete sense out of the source, so I was hoping that someone here could help.
Here is what I think I've found out so far:

(1) I send a request packet (type 0x00) with a random activity id and an object ID of all zeros. Ethereal marks it as "DCERPC" protocol in the main window.

(2) I get a reply, asking "conv_who_are_you" (which is a request also, type 0x00) with a new activity ID, and a ht_conv_who_are_you2_rqst_actuid equal to the activity ID I randomly generated. Ethereal marks it as protocol type "CONV".

(3) I send a "conv_who_are_you2" as type response (0x02) with activity ID equal to the activity ID of the packet in (2) and a "casuuid" that I can't make sense of.

The problem is that number (3) is marked as a DCERPC request (by ethereal), with the "Request In:" set to the packet that *I* sent out. Furthermore, the details I included at the bottom (casuuid, etc.) were not recognized as anything more than "stub data".

I ran ethereal while the correct application was sending/receiving data (when the communication was working), and the #(3) packet was marked as another "CONV". This correct packet has all of the right DCE RPC conversation manager information in it at the bottom (I'm still referring to the working conversation). The only difference between the working conversation and my conversation were the activity IDs (which always changed), at least within the UDP part of the packet.

What do I do with the casuuid? I'd like help getting the conversation to actually work. I looked for hours in google already, and found some information, but not enough to actually get a correct "CONV" packet out for packet number (3). I obviously need to understand some parts of the DCE RPC conversation manager better. If anyone has any advice or references I would really appreciate it.

Thanks,
Jeff Davis
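The three-packet exchange described in the post, worked through as an added example (this is not code from the post, from ethereal, or from any DCE RPC implementation). It encodes and decodes the 80-byte DCE RPC connectionless (CL) PDU header as laid out in the DCE 1.1 RPC specification, and shows what the client has to put into packet (3): a PDU of type response (0x02) carrying the activity ID and sequence number of the server's callback (2), the conv interface UUID, and a stub made of the client's sequence number for the activity the server asked about, the cas_uuid, and a status. The conv interface UUID, the opnum of conv_who_are_you2 (1), the request stub layout (actuid, boot_time) and the response stub layout (seq, cas_uuid, st) are my reading of conv.idl and are assumptions to be checked against the spec; all UUIDs and sequence numbers in the demo are constructed sample values. The cas_uuid itself is, per the spec, a "client address space" UUID the client generates once per process and returns unchanged in every who_are_you2 answer, so the server can tell a restarted client from a retransmitting one.

```python
"""DCE RPC CL (UDP) PDU encode/decode and the conv_who_are_you2 callback answer.

Added example, not from the original post. Header layout follows the DCE 1.1
RPC specification's 80-byte connectionless PDU header; the conv interface
details are assumptions noted inline.
"""
import struct
import uuid

RPC_VERS = 4                       # CL protocol version
PTYPE_REQUEST = 0x00
PTYPE_RESPONSE = 0x02
DREP_LE = b"\x10\x00\x00"          # byte0: 0x10 = little-endian ints, ASCII chars; byte1: IEEE floats
NO_HINT = 0xFFFF                   # ihint/ahint value meaning "no hint"
NIL_UUID = uuid.UUID(int=0)        # object id "all zeros", as in packet (1)

# conv interface (assumption: UUID/version from conv.idl; conv_who_are_you2 is opnum 1)
CONV_IF_UUID = uuid.UUID("333a2276-0000-0000-0d00-00809c000000")
CONV_IF_VERS = 3
OPNUM_WHO_ARE_YOU2 = 1

# Fixed CL header: vers, ptype, flags1, flags2, drep[3], serial_hi, object[16],
# if_id[16], act_id[16], server_boot, if_vers, seqnum, opnum, ihint, ahint,
# len (stub length), fragnum, auth_proto, serial_lo.  UUIDs are sent in the
# integer byte order given by drep, i.e. uuid.bytes_le for little-endian.
CL_HDR = struct.Struct("<BBBB3sB16s16s16sIIIHHHHHBB")
FIELDS = ("rpc_vers", "ptype", "flags1", "flags2", "drep", "serial_hi",
          "object", "if_id", "act_id", "server_boot", "if_vers", "seqnum",
          "opnum", "ihint", "ahint", "len", "fragnum", "auth_proto", "serial_lo")
assert CL_HDR.size == 80


def build_cl_pdu(ptype, if_id, if_vers, act_id, seqnum, opnum, stub,
                 object_id=NIL_UUID, server_boot=0):
    """Return header + stub for a single-fragment CL PDU (flags left clear)."""
    hdr = CL_HDR.pack(RPC_VERS, ptype, 0, 0, DREP_LE, 0,
                      object_id.bytes_le, if_id.bytes_le, act_id.bytes_le,
                      server_boot, if_vers, seqnum, opnum, NO_HINT, NO_HINT,
                      len(stub), 0, 0, 0)
    return hdr + stub


def parse_cl_pdu(pdu):
    """Split a CL PDU into a header dict (UUIDs decoded) and its stub bytes."""
    if len(pdu) < CL_HDR.size:
        raise ValueError("PDU shorter than the 80-byte CL header")
    hdr = dict(zip(FIELDS, CL_HDR.unpack_from(pdu)))
    if hdr["rpc_vers"] != RPC_VERS:
        raise ValueError("not a DCE RPC CL PDU (rpc_vers != 4)")
    if hdr["drep"][0] & 0xF0 != 0x10:
        raise ValueError("big-endian drep not handled by this example")
    for name in ("object", "if_id", "act_id"):
        hdr[name] = uuid.UUID(bytes_le=hdr[name])
    stub = pdu[CL_HDR.size:CL_HDR.size + hdr["len"]]
    if len(stub) != hdr["len"]:
        raise ValueError("stub truncated: header len exceeds captured bytes")
    return hdr, stub


def decode_who_are_you2_request(stub):
    """[in] uuid_t *actuid, [in] unsigned32 boot_time (assumed stub layout)."""
    actuid = uuid.UUID(bytes_le=stub[:16])
    (boot_time,) = struct.unpack_from("<I", stub, 16)
    return actuid, boot_time


def encode_who_are_you2_response(seq, cas_uuid, st=0):
    """[out] unsigned32 seq, [out] uuid_t cas_uuid, [out] unsigned32 st (assumed)."""
    return struct.pack("<I", seq) + cas_uuid.bytes_le + struct.pack("<I", st)


def answer_who_are_you2(callback_pdu, my_activities, cas_uuid):
    """Client side: turn the server's callback (packet 2) into packet (3).

    my_activities maps each activity UUID the client has started to the
    current sequence number of that activity.
    """
    hdr, stub = parse_cl_pdu(callback_pdu)
    if (hdr["ptype"] != PTYPE_REQUEST or hdr["if_id"] != CONV_IF_UUID
            or hdr["opnum"] != OPNUM_WHO_ARE_YOU2):
        raise ValueError("not a conv_who_are_you2 callback")
    actuid, _boot_time = decode_who_are_you2_request(stub)
    if actuid not in my_activities:
        raise ValueError("server asks about an activity this client never started")
    resp_stub = encode_who_are_you2_response(my_activities[actuid], cas_uuid)
    # The response is matched to the callback, so it carries the callback's
    # act_id and seqnum (not the activity id of the client's original call).
    return build_cl_pdu(PTYPE_RESPONSE, CONV_IF_UUID, CONV_IF_VERS,
                        hdr["act_id"], hdr["seqnum"], hdr["opnum"], resp_stub)


def demo():
    """Constructed exchange: returns the parsed packet (3) for inspection."""
    client_act = uuid.UUID("11111111-2222-3333-4444-555555555555")   # packet (1) act_id
    server_act = uuid.UUID("99999999-8888-7777-6666-555555555555")   # packet (2) act_id
    cas = uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")          # client's process-wide cas_uuid
    # packet (2): server's callback asking about client_act, constructed here
    callback = build_cl_pdu(PTYPE_REQUEST, CONV_IF_UUID, CONV_IF_VERS, server_act,
                            seqnum=7, opnum=OPNUM_WHO_ARE_YOU2,
                            stub=client_act.bytes_le + struct.pack("<I", 0x12345678))
    reply = answer_who_are_you2(callback, {client_act: 0}, cas)
    return parse_cl_pdu(reply)


if __name__ == "__main__":
    hdr, stub = demo()
    print(hdr["ptype"], hdr["act_id"], hdr["seqnum"], hdr["opnum"], len(stub))
```

When comparing your own packet (3) against the working capture, the fields worth diffing first are ptype (must be 0x02), if_id (the conv UUID), act_id and seqnum (both copied from the callback), and len (24 for the assumed stub); a mismatch in any of these is enough for a dissector to file the packet under the wrong conversation.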