Added by Shivani Bhardwaj about 1 year ago. Updated about 1 month ago.
Description
dcerpc lacks event handling which is important to convey what a possible issue could have led to an unexpected behavior.
Files
| rough_potato_broken_2.pcap (143 KB) rough_potato_broken_2.pcap | pcap with dcerpc | Artem Kartunchikov, 04/02/2025 12:02 PM | |
| stats.log (5.17 KB) stats.log | Artem Kartunchikov, 04/02/2025 12:03 PM | ||
| packets_stats.log (10 KB) packets_stats.log | Artem Kartunchikov, 04/02/2025 12:03 PM | ||
| locks_stats.log (1.52 KB) locks_stats.log | Artem Kartunchikov, 04/02/2025 12:03 PM |
I again encounter this issue but with other pcap file
Also, I think it would be great if instead of the parser getting into an error state and shutting down, it would just skip the unknown RPC calls and continue analyzing the stream
Artem Kartunchikov wrote in #note-4:
Also, I think it would be great if instead of the parser getting into an error state and shutting down, it would just skip the unknown RPC calls and continue analyzing the stream