'Re: [Wireshark-users] Implementation of DCERPC protocol'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wireshark-users
Subject:    Re: [Wireshark-users] Implementation of DCERPC protocol
From:       Guy Harris <guy () alum ! mit ! edu>
Date:       2012-02-23 20:14:44
Message-ID: 7AEC614E-14A3-40F3-9624-AEAD1EA36051 () alum ! mit ! edu
[Download RAW message or body]


On Feb 23, 2012, at 12:51 AM, rahul sharma wrote:

> 1> What does the Byte order to be Little Endian specify?

It specifies that all multi-byte integral and floating-point values are in \
little-endian format within the DCE RPC request or reply in question.  To quote the \
DCE RPC spec:

	http://pubs.opengroup.org/onlinepubs/009629399/chap14.htm

"NDR represents signed integers in twos complement format and represents unsigned \
integers as unsigned binary numbers. There are two integer formats: big-endian and \
little-endian. If the integer format is big-endian, the octets of the representation \
are ordered in the octet stream from the most significant octet to the least \
significant octet. If the integer format is little-endian, the octets of the \
representation are ordered in the octet stream from the least significant octet to \
the most significant octet."

Unlike ONC RPC, DCE RPC doesn't use a single standard byte order when encoding \
values; instead, it uses "receiver makes it right", so that the data is transmitted \
in the byte order of the sending host, and the receiving host has to translate that \
into its byte order if necessary.  (It also uses "receiver makes it right" for \
floating-point numbers - the sender transmits the number in its own format, whether \
that's IEEE binary, PDP-11/VAX format, Cray format, or IBM System/3x0 format.  \
Presumably if it supports multiple formats, as Alpha-based machines and later \
System/390 and all z/Architecture machines do, it uses whatever format the program is \
using.) ___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@wireshark.org?subject=unsubscribe


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic