Differences between revisions 4 and 5
Revision 4 as of 2007-11-18 21:11:52
Size: 2318
Editor: GuyHarris
Comment: Fix typo.
Revision 5 as of 2008-04-12 17:51:49
Size: 2330
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 7: Line 7:
If a DSA does not hold the information being searched for, it may chain the DAP operation to another DSA using ["DSP"]. If a DSA does not hold the information being searched for, it may chain the DAP operation to another DSA using [[DSP]].
Line 13: Line 13:
 * ["ROS"]: Typically, DAP uses ["ROS"] during connection establishment (abstract syntax [http://oid.elibel.tm.fr/2.5.3.1 2.5.3.1]).
 * ["ACSE"]: Typically, DAP uses ["ACSE"] for association control (association context [http://oid.elibel.tm.fr/2.5.9.1 2.5.9.1])
 * ["COTP"]: Typically, DAP uses ["COTP"] as its transport protocol. The well known TCP port for DAP traffic is 102, though some DSAs will often listen on other ports e.g. 19970.
 * [[ROS]]: Typically, DAP uses [[ROS]] during connection establishment (abstract syntax [[http://oid.elibel.tm.fr/2.5.3.1|2.5.3.1]]).
 * [[ACSE]]: Typically, DAP uses [[ACSE]] for association control (association context [[http://oid.elibel.tm.fr/2.5.9.1|2.5.9.1]])
 * [[COTP]]: Typically, DAP uses [[COTP]] as its transport protocol. The well known TCP port for DAP traffic is 102, though some DSAs will often listen on other ports e.g. 19970.
Line 34: Line 34:
A complete list of DAP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/d/dap.html display filter reference] A complete list of DAP display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/d/dap.html|display filter reference]]
Line 41: Line 41:
You cannot directly filter DAP protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one. You cannot directly filter DAP protocols while capturing. However, if you know the [[TCP]] port used (see above), you can filter on that one.
Line 48: Line 48:
 * [http://www.itu.int/ITU-T/asn1/database/itu-t/x/x511/2005/DirectoryAbstractService.html ASN.1 Specification from ITU]
 * [http://www.itu.int/rec/T-REC-X.511-200508-I/en X.511 Recommendation]
 * [http://www.cs.kent.ac.uk/pubs/1996/2051/ Understanding X.500 - The Directory] David Chadwick's book
 * [[http://www.itu.int/ITU-T/asn1/database/itu-t/x/x511/2005/DirectoryAbstractService.html|ASN.1 Specification from ITU]]
 * [[http://www.itu.int/rec/T-REC-X.511-200508-I/en|X.511 Recommendation]]
 * [[http://www.cs.kent.ac.uk/pubs/1996/2051/|Understanding X.500 - The Directory]] David Chadwick's book

Directory Access Protocol (DAP)

The Directory Access Protocol (DAP) is used by Directory User Agemts (DUAs) to retrieve information from a Directory System Agent (DSA). The information in the DSA is stored in entries in a hierarchical form, with each entry containing attributes that are specific to one of more object classes. DAP allows a client to list, search, add, delete, modify and rename the entries within the DSA.

If a DSA does not hold the information being searched for, it may chain the DAP operation to another DSA using DSP.

History

Protocol dependencies

  • ROS: Typically, DAP uses ROS during connection establishment (abstract syntax 2.5.3.1).

  • ACSE: Typically, DAP uses ACSE for association control (association context 2.5.9.1)

  • COTP: Typically, DAP uses COTP as its transport protocol. The well known TCP port for DAP traffic is 102, though some DSAs will often listen on other ports e.g. 19970.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The DAP dissector is fully functional, including support for signed operations.

Preference Settings

There is a single preference field for the DAP dissector, the DAP TCP Port - the port to which DAP associations are made. The default value is 102.

Example capture file

To be provided.

Display Filter

A complete list of DAP display filter fields can be found in the display filter reference

  • Show only the DAP based traffic:

     dap

Capture Filter

You cannot directly filter DAP protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.

  • Capture only the DAP traffic over a non-standard port (19970):

     tcp port 19970 

Discussion

DAP (last edited 2008-04-12 17:51:49 by localhost)