From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_062A_01C4450F.48C0D700
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   You can use the network monitor to capture network traffic which =
includes the RPC IID.  You then try the remote interfaces and look at = the
capture to see the IIDs used.

   I think there are third party tools that try to crack the RPC tables =
within executables to find the IIDs.

Rich

  "Gregg N"  wrote in message =
news:40b7b13b$1{at}w3.nls.net...
  Could you give me a hint what those other ways might be? I would like =
to be able to document how I arrived at my results for the people who = are
asking me for this information.

  Thanks.

  Gregg

    "Rich"  wrote in message news:40b7af2f{at}w3.nls.net...
       I looked them up in the sources.  There are other ways but that =
was the quickest for me.

    Rich

      "Gregg N"  wrote in message =
news:40b7a815$1{at}w3.nls.net...
      So "ncacn_ip_tcp" is just the protocol used over the particular =
port. But how did you resolve the UUIDs into services? I could not find, = e.g.,
        0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
      in the registry.

      Gregg

        "Rich"  wrote in message news:40b7a32f{at}w3.nls.net...
           The UUIDs below identify the endpoints.  The port 1025 =
instances are associated with the task scheduler service.

        Rich

          "Gregg N"  wrote in message =
news:40b76b8f$1{at}w3.nls.net...
          I am not sure if I am running with the best arguments and =
switches, but the output of rpcdump and portqry are listed below. It =
looks like port 1025 is being used by something called NCACN

          RPCDUMP

----------------------------------------------------------------------

          C:\Program Files\Resource Kit>rpcdump /i /v
          Querying Endpoint Mapper Database...

          9 registered endpoints found.

          Collecting Data....  This may take a while.

                    0    10   20   30   40   50   60   70   80   90  100
                    |----|----|----|----|----|----|----|----|----|----|
                    ...................................................

          ProtSeq:ncacn_ip_tcp
          Endpoint:1025
          NetOpt:
          Annotation:
          IsListening:YES
          StringBinding:ncacn_ip_tcp:192.168.50.99[1025]
          UUID:0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
          ComTimeOutValue:RPC_C_BINDING_DEFAULT_TIMEOUT
          VersMajor 1  VersMinor 0
------=_NextPart_000_062A_01C4450F.48C0D700
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








   You can
use the network =
monitor to=20
capture network traffic which includes the RPC IID.  You then try = the=20
remote interfaces and look at the capture to see the IIDs =
used.
 
   I think
there are third =
party tools=20
that try to crack the RPC tables within executables to find the=20
IIDs.
 
Rich
 

  "Gregg N" <greggn{at}invalid.invalid>">mailto:greggn{at}invalid.invalid">greggn{at}invalid.invalid>
=
wrote in=20
  message news:40b7b13b$1{at}w3.nls.net...
  Could you give me a hint what those =
other ways=20
  might be? I would like to be able to document how I arrived at my =
results for=20
  the people who are asking me for this information.
  Thanks.
   
  Gregg
   
  

    "Rich" <{at}> wrote in message news:40b7af2f{at}w3.nls.net...
       I
looked them up in =
the=20
    sources.  There are other ways but that was the quickest for=20
    me.
     
    Rich
     
    

      "Gregg N" <greggn{at}invalid.invalid>">mailto:greggn{at}invalid.invalid">greggn{at}invalid.invalid>
= wrote=20
      in message news:40b7a815$1{at}w3.nls.net...
      So
"ncacn_ip_tcp" is just the =
protocol used=20
      over the particular port. But how did you resolve the UUIDs into =
services?=20
      I could not find, e.g.,
      
        0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
      in the
registry.
       
      Gregg
       
      

        "Rich" <{at}> wrote in message news:40b7a32f{at}w3.nls.net...
          
The UUIDs below =
identify the=20
        endpoints.  The port 1025 instances are associated with the =
task=20
        scheduler service.
        Rich
         
        

          "Gregg N" <greggn{at}invalid.invalid>=20">mailto:greggn{at}invalid.invalid">greggn{at}invalid.invalid>=20
          wrote in message news:40b76b8f$1{at}w3.nls.net...
          I am not sure if I am running with the best arguments and =

          switches, but the output of rpcdump and portqry are listed =
below. It=20
          looks like port 1025 is being used by something called=20
          NCACNRPCDUMP
          
          
          C:\Program Files\Resource=20
          Kit>rpcdump /i /vQuerying Endpoint Mapper=20
          Database...
           
          9 registered endpoints=20
          found.
          Collecting Data....  This may take a =
while.
           
                   =20
          0    10  
20   =
30  =20
          40   50  
60   70  =20
          80   90 =20
         
100         =20
          =
|----|----|----|----|----|----|----|----|----|----|   =
      =20
          =
...................................................
           
          ProtSeq:ncacn_ip_tcp
          Endpoint:1025
          NetOpt:
          Annotation:
          IsListening:YES
          StringBinding:ncacn_ip_tcp:192.168.50.99[1025]
          UUID:0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53
          ComTimeOutValue:RPC_C_BINDING_DEFAULT_TIMEOUT
          VersMajor
1  VersMinor =

          =
0

------=_NextPart_000_062A_01C4450F.48C0D700--

--- BBBS/NT v4.01 Flag-5