The Directory Access Protocol (DAP) is used by Directory User Agemts (DUAs) to retrieve information from a Directory System Agent (DSA). The information in the DSA is stored in entries in a hierarchical form, with each entry containing attributes that are specific to one of more object classes. DAP allows a client to list, search, add, delete, modify and rename the entries within the DSA.
If a DSA does not hold the information being searched for, it may chain the DAP operation to another DSA using DSP.
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The DAP dissector is fully functional, including support for signed operations.
From the source file packet-dap.c (fodder for Wiki searches)
/* packet-dap.c * Routines for X.511 (X.500 Directory Asbtract Service) and X.519 DAP packet dissection * Graeme Lunt 2005
/* we don't have a separate dissector for X519 - most of DAP is defined in X511 */ #define PNAME "X.519 Directory Access Protocol"
There is a single preference field for the DAP dissector, the DAP TCP Port - the port to which DAP associations are made. The default value is 102.
NOTE: moved in 31205360 : "Have TPKT support a TCP port range preference instead of having "subdissectors?" register their own."
To be provided.
Attached to issue #5507 : "X.519 - BER: Dissector for OID:18.104.22.168.1011.5.4.1.1 and OID:22.214.171.124.1011.5.4.1.2 not implemented. Contact Wireshark developers if you want this supported"
TSTI11_DSA.TRC: example trace file highlighting the missing dissector
A complete list of DAP display filter fields can be found in the display filter reference
Show only the DAP based traffic:
You cannot directly filter DAP protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.
Capture only the DAP traffic over a non-standard port (19970):
tcp port 19970
Understanding X.500 - The Directory David Chadwick's book
Imported from https://wiki.wireshark.org/DAP on 2020-08-11 23:12:26 UTC