The File Transfer Access and Management protocol (FTAM), an ISO application protocol, offers file transfer services between client (initiator) and server (responder) systems in an open environment. FTAM also provides access to files and management of files on diverse systems. Similar to FTP (File Transfer Protocol) and NFS (Network File System) in the TCP/IP environment, FTAM is designed to help users access files on diverse systems that use compatible FTAM implementations.
FTAM is a protocol from the OSI family and its function and purpose was to act as a replacement for the IETF FTP protocol once OSI had fully replaced the obsolete IETF based protocols.
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The FTAM dissector is fully functional and autogenerated by the ASN2ETH ASN1 compiler. In order for Wireshark to even recognize a packet as being FTAM Wireshark needs to first see the ACSE packets used to associate the FTAM OID (1.0.8571).1.1 with the current PRES context identifier. I.e. unless Wireshark has seen the ACSE aarq packet to bind to FTAM, Wireshark will not know it is FTAM nor decode it as such.
There are no preference settings specific to FTAM but you might want to enable reassembly of those transport protocols that are used below FTAM.
XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
A complete list of PROTO display filter fields can be found in the display filter reference
Show only the PROTO based traffic:
You cannot directly filter PROTO protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.
Capture only the PROTO traffic over the default port (80):
tcp port 80
Imported from https://wiki.wireshark.org/FTAM on 2020-08-11 23:14:12 UTC