Directory Access Protocol (DAP)
The Directory Access Protocol (DAP) is used by Directory User Agemts (DUAs) to retrieve information from a Directory System Agent (DSA). The information in the DSA is stored in entries in a hierarchical form, with each entry containing attributes that are specific to one of more object classes. DAP allows a client to list, search, add, delete, modify and rename the entries within the DSA.
If a DSA does not hold the information being searched for, it may chain the DAP operation to another DSA using DSP.
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The DAP dissector is fully functional, including support for signed operations.
There is a single preference field for the DAP dissector, the DAP TCP Port - the port to which DAP associations are made. The default value is 102.
Example capture file
To be provided.
A complete list of DAP display filter fields can be found in the display filter reference
Show only the DAP based traffic:
You cannot directly filter DAP protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.
Capture only the DAP traffic over a non-standard port (19970):
tcp port 19970
Understanding X.500 - The Directory David Chadwick's book