Using Network Monitor for Custom RPC
In many cases, it may not be obvious what specific interfaces a particular application
uses to connect to another server. This is particularly true with RPC UUIDs, which are
not always published in documentation or on the Internet. In cases where custom protocol
definitions need to be made for securing the service, but the UUIDs are unknown,
using a network packet capture tool is a useful approach for identifying which types of
interfaces to allow.
FIGURE 15.6 Adding server interfaces to a custom RPC protocol.
423
15
Using Network Monitor for Custom RPC
FIGURE 15.7 Manually adding UUIDs to an RPC protocol definition.
Windows Server 2003 includes a free Network Monitor tool that can be installed on any
server to monitor the packets that are sent directly to that particular server. It can be
installed on a destination server, for example, to identify which RPC interfaces a particular
application is using, for example.
Installing Network Monitor
The first step to inspecting the RPC packets and creating a custom rule based on the
UUIDs of a service is to install Network Monitor on the server.
Pages:
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675