Differences between revisions 2 and 3
Revision 2 as of 2006-06-05 03:19:13
Size: 2382
Editor: localhost
Revision 3 as of 2007-11-18 09:23:46
Size: 2317
Editor: GraemeLunt
Comment: Add link to the whole recommendation. and tidyups
Deletions are marked like this. Additions are marked like this.
Line 23: Line 23:
The PROTO dissector is (fully functional, partially functional, not existing, ... whatever the current state is). Also add info of additional Wireshark features where appropriate, like special statistics of this protocol. The DAP dissector is fully functional, including support for signed operations.
Line 43: Line 43:
 Capture only the DAP traffic over the default port (19970): {{{  Capture only the DAP traffic over a non-standard port (19970): {{{
Line 49: Line 49:
 * [http://www.itu.int/rec/T-REC-X.511-200508-I/en X.511 Recommendation]

Directory Access Protocol (DAP)

The Directory Access Protocol (DAP) is used by Directory User Agemts (DUAs) to retrieve information from a Directory System Agent (DSA). The information in the DSA is stored in entries in a hierachical form, with each entry containing attributes that are specific to one of more object classes. DAP allows a client to list, search, add, delete, modify and rename the entries within the DSA.

If a DSA does not hold the information being searched for, it may chain the DAP operation to another DSA using ["DSP"].


Protocol dependencies

  • ["ROS"]: Typically, DAP uses ["ROS"] during connection establishment (abstract syntax [http://oid.elibel.tm.fr/]).

  • ["ACSE"]: Typically, DAP uses ["ACSE"] for association control (association context [http://oid.elibel.tm.fr/])

  • ["COTP"]: Typically, DAP uses ["COTP"] as its transport protocol. The well known TCP port for DAP traffic is 102, though some DSAs will often listen on other ports e.g. 19970.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).


The DAP dissector is fully functional, including support for signed operations.

Preference Settings

There is a single preference field for the DAP dissector, the DAP TCP Port - the port to which DAP associations are made. The default value is 102.

Example capture file

To be provided.

Display Filter

A complete list of DAP display filter fields can be found in the [http://www.wireshark.org/docs/dfref/d/dap.html display filter reference]

  • Show only the DAP based traffic:


Capture Filter

You cannot directly filter DAP protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.

  • Capture only the DAP traffic over a non-standard port (19970):

     tcp port 19970 


DAP (last edited 2008-04-12 17:51:49 by localhost)