Connection Oriented Transport Protocol (COTP, ISO 8073)

This is the connection transport protocol of the IsoProtocolFamily.

As most readers nowadays will be more familiar with TCP, COTP is explained comparing both protocols as they are both used to transport users's data reliably over a network.

Packet-based vs. stream-based: COTP transports packets of data from one user to the other, so the receiver will get exactly the same data boundaries as the sender transmitted. TCP transports a continuous stream of data to the receiver, so the protocol on top of TCP often has to add such boundaries itself (see the TPKT protocol for such a protocol).

TSAP's vs. ports: To multiplex several conversations between two hosts, COTP uses TSAP's which are variable length binary blobs (often a meaningful string is used). These TSAP's are matched at connection establishing phase, and replaced by the 2 byte (destination/source) references at data transfer. TCP uses ports for this. One notable difference is that TSAP's are singletons - if a TSAP is used for a connection it cannot be used by another. XXX - Needs clarification. A single TSAP (Transport Service Access Point) may be used by multiple connections.

History

This protocol has been replaced by TCP in most applications. Applications that used COTP before, will often use the TPKT protocol on top of TCP now.

Protocol dependencies

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The COTP dissector is fully functional.

Preference Settings

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of COTP display filter fields can be found in the display filter reference

Capture Filter

You cannot directly filter COTP protocols while capturing. XXX - add information about capturing of lengths smaller than 1450? bytes or even better ways to capture only COTP. COTP uses well known port 102, so it is often possible to capture COTP/TPKT data by using the capture filter

Port 102

Discussion

COTP (last edited 2008-04-12 17:51:39 by localhost)