# Microsoft DSSETUP (Active Directory Services Setup) interface

This is a [DCE/RPC](/DCE/RPC) based protocol used by [CIFS](/CIFS) hosts to obtain information about the Active Directory configuration of a remote host. This dissector is described by an IDL file and is automatically generated by the [Pidl](/Pidl) compiler.

## History

This protocol first appeared with the release of Active Directory (Windows 2000). The MS04-011 security patch removed all the operations of the DSSETUP interface except the first one ([DsRoleGetPrimaryDomainInformation](/DsRoleGetPrimaryDomainInformation)).

In Windows Server 2003 and later (including Windows XP SP2), the DSSETUP interface supports only the first operation.

## Protocol dependencies

- [DCE/RPC](/DCE/RPC): This protocol is implemented on top of the [DCE/RPC](/DCE/RPC) transport. It is often accessed through the \\PIPE\\lsarpc named pipe on IPC$, but in some cases it can also be reached through a dynamically assigned [TCP](/TCP) port.

## Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

## Wireshark

The DSSETUP dissector is fully functional.

## Preference Settings

There are no preference settings specific to the DSSETUP protocol.

## Example capture file

- [SampleCaptures/dssetup\_DsRoleGetPrimaryDomainInformation\_standalone\_workstation.cap](uploads/__moin_import__/attachments/SampleCaptures/dssetup_DsRoleGetPrimaryDomainInformation_standalone_workstation.cap)
- [SampleCaptures/dssetup\_DsRoleGetPrimaryDomainInformation\_ad\_member.cap](uploads/__moin_import__/attachments/SampleCaptures/dssetup_DsRoleGetPrimaryDomainInformation_ad_member.cap)
- [SampleCaptures/dssetup\_DsRoleGetPrimaryDomainInformation\_ad\_dc.cap](uploads/__moin_import__/attachments/SampleCaptures/dssetup_DsRoleGetPrimaryDomainInformation_ad_dc.cap)
- [SampleCaptures/dssetup\_DsRoleDnsNameToFlatName\_w2k3\_op\_rng\_error.cap](uploads/__moin_import__/attachments/SampleCaptures/dssetup_DsRoleDnsNameToFlatName_w2k3_op_rng_error.cap)
- [SampleCaptures/dssetup\_DsRoleDnsNameToFlatName\_w2k.cap](uploads/__moin_import__/attachments/SampleCaptures/dssetup_DsRoleDnsNameToFlatName_w2k.cap)
- [SampleCaptures/dssetup\_DsRoleUpgradeDownlevelServer\_MS04-011\_exploit.cap](uploads/__moin_import__/attachments/SampleCaptures/dssetup_DsRoleUpgradeDownlevelServer_MS04-011_exploit.cap)

## Display Filter

A complete list of DSSETUP display filter fields can be found in the [display filter reference](http://www.wireshark.org/docs/dfref/d/dssetup.html).

Show only DSSETUP-based traffic:

```
dssetup
```

## Capture Filter

You cannot directly filter DSSETUP protocols while capturing.

## Protocol Functions

The DSSETUP interface supports the following operations:

- [dssetup\_DsRoleGetPrimaryDomainInformation](/dssetup_DsRoleGetPrimaryDomainInformation) (Windows 2000 and later)
- [dssetup\_DsRoleDnsNameToFlatName](/dssetup_DsRoleDnsNameToFlatName) (only in Windows 2000 and Windows XP without MS04-011 applied)
- [dssetup\_DsRoleDcAsDc](/dssetup_DsRoleDcAsDc) (only in Windows 2000 and Windows XP without MS04-011 applied)
- [dssetup\_DsRoleDcAsReplica](/dssetup_DsRoleDcAsReplica) (only in Windows 2000 and Windows XP without MS04-011 applied)
- [dssetup\_DsRoleDemoteDc](/dssetup_DsRoleDemoteDc) (only in Windows 2000 and Windows XP without MS04-011 applied)
- [dssetup\_DsRoleGetDcOperationProgress](/dssetup_DsRoleGetDcOperationProgress) (only in Windows 2000 and Windows XP without MS04-011 applied)
- [dssetup\_DsRoleGetDcOperationResults](/dssetup_DsRoleGetDcOperationResults) (only in Windows 2000 and Windows XP without MS04-011 applied)
- [dssetup\_DsRoleCancel](/dssetup_DsRoleCancel) (only in Windows 2000 and Windows XP without MS04-011 applied)
- [dssetup\_DsRoleServerSaveStateForUpgrade](/dssetup_DsRoleServerSaveStateForUpgrade) (only in Windows 2000 and Windows XP without MS04-011 applied)
- [dssetup\_DsRoleUpgradeDownlevelServer](/dssetup_DsRoleUpgradeDownlevelServer) (only in Windows 2000 and Windows XP without MS04-011 applied)
- [dssetup\_DsRoleAbortDownlevelServerUpgrade](/dssetup_DsRoleAbortDownlevelServerUpgrade) (only in Windows 2000 and Windows XP without MS04-011 applied)
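
The following added example (not code from this wiki or from the Wireshark dissector) classifies a DCE/RPC request that has already been attributed to the DSSETUP interface by its opnum, using the operation list above, and recognizes the `nca_s_op_rng_error` fault referred to in the name of the w2k3 sample capture. It assumes that opnums follow the order of the list above; `classify_request`, `server_rejected`, `make_pdu` and the verdict strings are hypothetical names, and the sample PDUs are constructed.

```python
import struct

# Operation names in the order the page lists them. Treating list position as
# the DCE/RPC opnum is an assumption of this example.
DSSETUP_OPS = (
    "DsRoleGetPrimaryDomainInformation DsRoleDnsNameToFlatName DsRoleDcAsDc "
    "DsRoleDcAsReplica DsRoleDemoteDc DsRoleGetDcOperationProgress "
    "DsRoleGetDcOperationResults DsRoleCancel DsRoleServerSaveStateForUpgrade "
    "DsRoleUpgradeDownlevelServer DsRoleAbortDownlevelServerUpgrade"
).split()
PTYPE_REQUEST, PTYPE_FAULT = 0, 3
NCA_S_OP_RNG_ERROR = 0x1C010002  # fault status: opnum not implemented by server

def endian(pdu):
    # Bit 0x10 of the first data-representation byte marks little-endian integers.
    return "<" if pdu[4] & 0x10 else ">"

def classify_request(pdu):
    """Return (opnum, name, verdict) for a v5 request PDU bound to DSSETUP."""
    if len(pdu) < 24 or pdu[0] != 5 or pdu[2] != PTYPE_REQUEST:
        raise ValueError("not a DCE/RPC v5 request PDU")
    (opnum,) = struct.unpack_from(endian(pdu) + "H", pdu, 22)
    if opnum == 0:
        return opnum, DSSETUP_OPS[0], "expected"
    if opnum < len(DSSETUP_OPS):
        return opnum, DSSETUP_OPS[opnum], "removed-by-MS04-011"
    return opnum, None, "out-of-range"

def server_rejected(pdu):
    """True if pdu is a fault PDU carrying nca_s_op_rng_error."""
    if len(pdu) < 28 or pdu[0] != 5 or pdu[2] != PTYPE_FAULT:
        return False
    (status,) = struct.unpack_from(endian(pdu) + "I", pdu, 24)
    return status == NCA_S_OP_RNG_ERROR

def make_pdu(ptype, body_fmt, *body, little=True):
    """Build a constructed sample PDU: 16-byte common header plus body."""
    e = "<" if little else ">"
    drep = bytes([0x10 if little else 0x00, 0, 0, 0])
    payload = struct.pack(e + body_fmt, *body)
    header = struct.pack(e + "BBBB4sHHI", 5, 0, ptype, 3, drep, 16 + len(payload), 0, 1)
    return header + payload

if __name__ == "__main__":
    for opnum in (0, 9, 11):  # request body: alloc_hint, context id, opnum
        print(classify_request(make_pdu(PTYPE_REQUEST, "IHH", 0, 0, opnum)))
    # Fault body: alloc_hint, context id, cancel count, reserved, status.
    fault = make_pdu(PTYPE_FAULT, "IHBBI", 0, 0, 0, 0, NCA_S_OP_RNG_ERROR)
    print(server_rejected(fault))
```

A request with a non-zero opnum followed by this fault indicates a host that has the reduced interface; the same request answered with a normal response indicates a Windows 2000 or Windows XP host without MS04-011 applied.
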
## External links

- <http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_4_0/source/librpc/idl/dssetup.idl> IDL definition for the DSSETUP interface.

## Discussion

---

Imported from https://wiki.wireshark.org/DSSETUP on 2020-08-11 23:13:39 UTC