I'm trying to trace an rpc conversation with Wireshark and for the most part I get it, but there's one piece I can't seem to figure out. I'm trying to see where the host server's endpoint mapper responds with the dynamic IP the client should use for the given service. I see the IOXIDResolver response, but nowhere do I see a port to be used. The conversation just continues on the correct port.
This is just curiosity in wanting to see where in the response the port is specified, but I cannot identify it anywhere.