scapy.contrib.dce_rpc module¶

A basic dissector for DCE/RPC. Isn’t reliable for all packets and for building

class scapy.contrib.dce_rpc.DceRpc¶

Bases: scapy.packet.Packet

DCE/RPC packet

aliastypes = [<class 'scapy.contrib.dce_rpc.DceRpc'>, <class 'scapy.packet.Packet'>]¶

fields_desc = [<Field (DceRpc).version>, <Field (DceRpc).type>, <Field (DceRpc).flags1>, <Field (DceRpc).flags2>, <Field (DceRpc).endianness>, <Field (DceRpc).encoding>, <Field (DceRpc).float>, <Field (DceRpc).DataRepr_reserved>, <Field (DceRpc).serial_high>, <scapy.contrib.dce_rpc.EndiannessField object>, <scapy.contrib.dce_rpc.EndiannessField object>, <scapy.contrib.dce_rpc.EndiannessField object>, <scapy.contrib.dce_rpc.EndiannessField object>, <scapy.contrib.dce_rpc.EndiannessField object>, <scapy.contrib.dce_rpc.EndiannessField object>, <scapy.contrib.dce_rpc.EndiannessField object>, <scapy.contrib.dce_rpc.EndiannessField object>, <scapy.contrib.dce_rpc.EndiannessField object>, <scapy.contrib.dce_rpc.EndiannessField object>, <scapy.contrib.dce_rpc.EndiannessField object>, <Field (DceRpc).auth>, <Field (DceRpc).serial_low>]¶

class scapy.contrib.dce_rpc.DceRpcPayload¶

Bases: scapy.packet.Packet

Dummy class which use the dispatch_hook to find the payload class

aliastypes = [<class 'scapy.contrib.dce_rpc.DceRpcPayload'>, <class 'scapy.packet.Packet'>]¶

classmethod dispatch_hook(_pkt, _underlayer=None, *args, **kargs)¶: dispatch_hook to choose among different registered payloads

classmethod register_possible_payload(pay)¶: Method to call from possible DCE/RPC endpoint to register it as possible payload

class scapy.contrib.dce_rpc.EndiannessField(fld, endianess_from)¶

Bases: object

Field which change the endianness of a sub-field

addfield(pkt, buf, val)¶: add the field with endianness to the buffer

scapy.contrib.dce_rpc.dce_rpc_endianess(pkt)¶: Determine the right endianness sign for a given DCE/RPC packet