4.18.2. DCOM network traffic

The article "Understanding the DCOM Wire Protocol by Analyzing Network Data Packets", published in the March 1998 issue of Microsoft Systems Journal, documents how DCOM is implemented at the network level.

The DCOM wire protocol uses DCE RPC as its transport protocol. Ethereal supports the DCOM wire protocol and has dissectors for the following core COM interfaces:

When analyzing DCOM traffic with Ethereal, it is recommended to use the Windows version of Ethereal, because it can use the Windows registry to translate IIDs (GUIDs) to interface names.
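The following is an added example, not code from Ethereal or from the original page. One place an IID appears on the wire is the abstract syntax UUID of each presentation context in a DCE RPC bind PDU; the sketch extracts it from a constructed sample bind and names it through `HKEY_CLASSES_ROOT\Interface` on Windows, falling back to a small built-in table elsewhere. The function names, the table and the sample PDU are assumptions of this example.

```python
import struct
import uuid

# Well-known DCOM IIDs, used where no Windows registry is available.
KNOWN_IIDS = {
    "00000131-0000-0000-c000-000000000046": "IRemUnknown",
    "00000143-0000-0000-c000-000000000046": "IRemUnknown2",
    "000001a0-0000-0000-c000-000000000046": "ISystemActivator",
    "4d9f4ab8-7d1c-11cf-861e-0020af6e7c57": "IRemoteActivation",
    "99fcfec4-5260-101b-bbcb-00aa0021347a": "IOXIDResolver",
}

def iid_name(iid, use_registry=True):
    """Name for an IID: HKCR\\Interface\\{IID} on Windows, else the table above."""
    if use_registry:
        try:
            import winreg  # present on Windows only
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, "Interface\\{%s}" % iid) as k:
                return winreg.QueryValue(k, None)
        except (ImportError, OSError):
            pass  # no registry, or IID not registered on this host
    return KNOWN_IIDS.get(iid.lower(), "unknown")

def parse_bind(pdu):
    """Return [(context_id, iid, if_version)] offered in a DCE RPC bind PDU."""
    if len(pdu) < 28 or pdu[0] != 5 or pdu[2] != 11:  # rpc_vers 5, ptype 11 = bind
        raise ValueError("not a DCE RPC v5 bind PDU")
    e = "<" if pdu[4] & 0x10 else ">"  # drep: integer byte order of the sender
    off, out = 28, []  # 16-byte header, 8 bytes of bind fields, 4-byte list header
    for _ in range(pdu[24]):  # n_context_elem
        if off + 24 > len(pdu):
            raise ValueError("truncated presentation context list")
        ctx_id, n_syn, raw, if_ver = struct.unpack_from(e + "HBx16sI", pdu, off)
        iid = uuid.UUID(bytes_le=raw) if e == "<" else uuid.UUID(bytes=raw)
        out.append((ctx_id, str(iid), if_ver))
        off += 24 + 20 * n_syn  # skip the transfer syntaxes that follow
    return out

def _ctx(ctx_id, iid):  # one context element: the IID v0, offered with NDR v2
    ndr = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860").bytes_le
    return struct.pack("<HBx16sI16sI", ctx_id, 1, uuid.UUID(iid).bytes_le, 0, ndr, 2)

# Constructed sample: a little-endian bind offering IRemUnknown2 and ISystemActivator.
_body = (struct.pack("<HHIBxH", 5840, 5840, 0, 2, 0)
         + _ctx(0, "00000143-0000-0000-c000-000000000046")
         + _ctx(1, "000001a0-0000-0000-c000-000000000046"))
SAMPLE_BIND = struct.pack("<BBBB4sHHI", 5, 0, 11, 3, b"\x10\0\0\0", 16 + len(_body), 0, 1) + _body

if __name__ == "__main__":
    print([(c, i, iid_name(i)) for c, i, _ in parse_bind(SAMPLE_BIND)])
```

An IID that resolves to "unknown" on a non-Windows analysis host is not necessarily unusual; it may simply be an application-defined interface that only the registry on the originating machine can name.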