RCP decode on WS 2.6.21

  • retag add tags

Oops dyslexic title.

We have a RH Enterprise machine that came with WS 2.6.21. It appears not to be able to detect RPC protocol packets although newer WS versions can.

Anyone know if 2.6.21 would have this kind of problem?

Seven30's avatar
1
Seven30
asked 2022-05-09 16:21:48 +0000, updated 2022-05-09 19:38:40 +0000
edit flag offensive 0 remove flag close merge delete

Comments

There is a pcap attached to Issue 11955 - Large ONC RPC messages sent over TCP not recognized heuristically.
Does it decode properly on your RH system? It decodes with 2.6.10 on Windows.

RPC seems to be a big tent. Can you share a pcap that demonstrates the issue you see on a public file share then add a link to it in your question above?

Chuckc's avatar Chuckc (2022-05-09 20:08:37 +0000) edit
more
  • delete

Thank you! Ill pull it down and check.

This pcap contains aggregated tcp packets much larger than 1514 and I suspect that may be part of the problem.

Normally I run a current WS but due to gdpr we no longer directly administer the machines and have to provide justification to the admins to update anything. Hence trying to track this down to an actual issue #

Seven30's avatar Seven30 (2022-05-10 13:27:34 +0000) edit
more
  • delete
add a comment see more comments