| dcerpc.array.actual_count | Actual Count | Unsigned 32-bit integer | Actual Count: Actual number of elements in the array |
| dcerpc.array.max_count | Max Count | Unsigned 32-bit integer | Maximum Count: Number of elements in the array |
| dcerpc.array.offset | Offset | Unsigned 32-bit integer | Offset for first element in array |
| dcerpc.auth_ctx_id | Auth Context ID | Unsigned 32-bit integer | |
| dcerpc.auth_level | Auth level | Unsigned 8-bit integer | |
| dcerpc.auth_pad_len | Auth pad len | Unsigned 8-bit integer | |
| dcerpc.auth_rsrvd | Auth Rsrvd | Unsigned 8-bit integer | |
| dcerpc.auth_type | Auth type | Unsigned 8-bit integer | |
| dcerpc.cn_ack_reason | Ack reason | Unsigned 16-bit integer | |
| dcerpc.cn_ack_result | Ack result | Unsigned 16-bit integer | |
| dcerpc.cn_ack_trans_id | Transfer Syntax | String | |
| dcerpc.cn_ack_trans_ver | Syntax ver | Unsigned 32-bit integer | |
| dcerpc.cn_alloc_hint | Alloc hint | Unsigned 32-bit integer | |
| dcerpc.cn_assoc_group | Assoc Group | Unsigned 32-bit integer | |
| dcerpc.cn_auth_len | Auth Length | Unsigned 16-bit integer | |
| dcerpc.cn_bind_if_ver | Interface Ver | Unsigned 16-bit integer | |
| dcerpc.cn_bind_if_ver_minor | Interface Ver Minor | Unsigned 16-bit integer | |
| dcerpc.cn_bind_to_uuid | Interface UUID | String | |
| dcerpc.cn_bind_trans_id | Transfer Syntax | String | |
| dcerpc.cn_bind_trans_ver | Syntax ver | Unsigned 32-bit integer | |
| dcerpc.cn_call_id | Call ID | Unsigned 32-bit integer | |
| dcerpc.cn_cancel_count | Cancel count | Unsigned 8-bit integer | |
| dcerpc.cn_ctx_id | Context ID | Unsigned 16-bit integer | |
| dcerpc.cn_flags | Packet Flags | Unsigned 8-bit integer | |
| dcerpc.cn_flags.cancel_pending | Cancel Pending | Boolean | |
| dcerpc.cn_flags.dne | Did Not Execute | Boolean | |
| dcerpc.cn_flags.first_frag | First Frag | Boolean | |
| dcerpc.cn_flags.last_frag | Last Frag | Boolean | |
| dcerpc.cn_flags.maybe | Maybe | Boolean | |
| dcerpc.cn_flags.mpx | Multiplex | Boolean | |
| dcerpc.cn_flags.object | Object | Boolean | |
| dcerpc.cn_flags.reserved | Reserved | Boolean | |
| dcerpc.cn_frag_len | Frag Length | Unsigned 16-bit integer | |
| dcerpc.cn_max_recv | Max Recv Frag | Unsigned 16-bit integer | |
| dcerpc.cn_max_xmit | Max Xmit Frag | Unsigned 16-bit integer | |
| dcerpc.cn_num_ctx_items | Num Ctx Items | Unsigned 8-bit integer | |
| dcerpc.cn_num_protocols | Number of protocols | Unsigned 8-bit integer | |
| dcerpc.cn_num_results | Num results | Unsigned 8-bit integer | |
| dcerpc.cn_num_trans_items | Num Trans Items | Unsigned 16-bit integer | |
| dcerpc.cn_protocol_ver_major | Protocol major version | Unsigned 8-bit integer | |
| dcerpc.cn_protocol_ver_minor | Protocol minor version | Unsigned 8-bit integer | |
| dcerpc.cn_reject_reason | Reject reason | Unsigned 16-bit integer | |
| dcerpc.cn_sec_addr | Scndry Addr | String | |
| dcerpc.cn_sec_addr_len | Scndry Addr len | Unsigned 16-bit integer | |
| dcerpc.cn_status | Status | Unsigned 32-bit integer | |
| dcerpc.dg_act_id | Activitiy | String | |
| dcerpc.dg_ahint | Activity Hint | Unsigned 16-bit integer | |
| dcerpc.dg_auth_proto | Auth proto | Unsigned 8-bit integer | |
| dcerpc.dg_cancel_id | Cancel ID | Unsigned 32-bit integer | |
| dcerpc.dg_cancel_vers | Cancel Version | Unsigned 32-bit integer | |
| dcerpc.dg_flags1 | Flags1 | Unsigned 8-bit integer | |
| dcerpc.dg_flags1_broadcast | Broadcast | Boolean | |
| dcerpc.dg_flags1_frag | Fragment | Boolean | |
| dcerpc.dg_flags1_idempotent | Idempotent | Boolean | |
| dcerpc.dg_flags1_last_frag | Last Fragment | Boolean | |
| dcerpc.dg_flags1_maybe | Maybe | Boolean | |
| dcerpc.dg_flags1_nofack | No Fack | Boolean | |
| dcerpc.dg_flags1_rsrvd_01 | Reserved | Boolean | |
| dcerpc.dg_flags1_rsrvd_80 | Reserved | Boolean | |
| dcerpc.dg_flags2 | Flags2 | Unsigned 8-bit integer | |
| dcerpc.dg_flags2_cancel_pending | Cancel Pending | Boolean | |
| dcerpc.dg_flags2_rsrvd_01 | Reserved | Boolean | |
| dcerpc.dg_flags2_rsrvd_04 | Reserved | Boolean | |
| dcerpc.dg_flags2_rsrvd_08 | Reserved | Boolean | |
| dcerpc.dg_flags2_rsrvd_10 | Reserved | Boolean | |
| dcerpc.dg_flags2_rsrvd_20 | Reserved | Boolean | |
| dcerpc.dg_flags2_rsrvd_40 | Reserved | Boolean | |
| dcerpc.dg_flags2_rsrvd_80 | Reserved | Boolean | |
| dcerpc.dg_frag_len | Fragment len | Unsigned 16-bit integer | |
| dcerpc.dg_frag_num | Fragment num | Unsigned 16-bit integer | |
| dcerpc.dg_if_id | Interface | String | |
| dcerpc.dg_if_ver | Interface Ver | Unsigned 32-bit integer | |
| dcerpc.dg_ihint | Interface Hint | Unsigned 16-bit integer | |
| dcerpc.dg_seqnum | Sequence num | Unsigned 32-bit integer | |
| dcerpc.dg_serial_hi | Serial High | Unsigned 8-bit integer | |
| dcerpc.dg_serial_lo | Serial Low | Unsigned 8-bit integer | |
| dcerpc.dg_server_boot | Server boot time | Unsigned 32-bit integer | |
| dcerpc.dg_status | Status | Unsigned 32-bit integer | |
| dcerpc.drep | Data Representation | Byte array | |
| dcerpc.drep.byteorder | Byte order | Unsigned 8-bit integer | |
| dcerpc.drep.character | Character | Unsigned 8-bit integer | |
| dcerpc.drep.fp | Floating-point | Unsigned 8-bit integer | |
| dcerpc.fack_max_frag_size | Max Frag Size | Unsigned 32-bit integer | |
| dcerpc.fack_max_tsdu | Max TSDU | Unsigned 32-bit integer | |
| dcerpc.fack_selack | Selective ACK | Unsigned 32-bit integer | |
| dcerpc.fack_selack_len | Selective ACK Len | Unsigned 16-bit integer | |
| dcerpc.fack_serial_num | Serial Num | Unsigned 16-bit integer | |
| dcerpc.fack_vers | FACK Version | Unsigned 8-bit integer | |
| dcerpc.fack_window size | Window Size | Unsigned 16-bit integer | |
| dcerpc.fragment | DCE/RPC Fragment | No value | DCE/RPC Fragment |
| dcerpc.fragment.error | Defragmentation error | No value | Defragmentation error due to illegal fragments |
| dcerpc.fragment.multipletails | Multiple tail fragments found | Boolean | Several tails were found when defragmenting the packet |
| dcerpc.fragment.overlap | Fragment overlap | Boolean | Fragment overlaps with other fragments |
| dcerpc.fragment.overlap.conflict | Conflicting data in fragment overlap | Boolean | Overlapping fragments contained conflicting data |
| dcerpc.fragment.toolongfragment | Fragment too long | Boolean | Fragment contained data past end of packet |
| dcerpc.fragments | DCE/RPC Fragments | No value | DCE/RPC Fragments |
| dcerpc.krb5_av.auth_verifier | Authentication Verifier | Byte array | |
| dcerpc.krb5_av.key_vers_num | Key Version Number | Unsigned 8-bit integer | |
| dcerpc.krb5_av.prot_level | Protection Level | Unsigned 8-bit integer | |
| dcerpc.obj_id | Object | String | |
| dcerpc.op | Operation | Unsigned 16-bit integer | |
| dcerpc.opnum | Opnum | Unsigned 16-bit integer | |
| dcerpc.pkt_type | Packet type | Unsigned 8-bit integer | |
| dcerpc.referent_id | Referent ID | Unsigned 32-bit integer | Referent ID for this NDR encoded pointer |
| dcerpc.request_in | Request in | Unsigned 32-bit integer | This packet is a response to the packet in this frame |
| dcerpc.response_in | Response in | Unsigned 32-bit integer | The response to this packet is in this packet |
| dcerpc.server_accepting_cancels | Server accepting cancels | Boolean | |
| dcerpc.ver | Version | Unsigned 8-bit integer | |
| dcerpc.ver_minor | Version (minor) | Unsigned 8-bit integer | |