This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 1 and 2
Revision 1 as of 2005-05-22 19:56:22
Size: 2278
Editor: h184n2fls33o887
Comment: Start page about FTAM(Not realy my area)
Revision 2 as of 2005-06-29 09:59:35
Size: 2675
Editor: 176
Comment: update the FTAM page slighltly with more info about FTAM
Deletions are marked like this. Additions are marked like this.
Line 9: Line 9:
XXX - add a brief description of PROTO history FTAM is a protocol from the OSI family and its function and purpose was to act as a replacement for the IETF FTP protocol once OSI had fully replaced the obsolete IETF based protocols.
Line 13: Line 13:
 * ["TCP"]: Typically, PROTO uses ["TCP"] as its transport protocol. The well known TCP port for PROTO traffic is 80.  * ["ACSE"]: Typically, FTAM is transported ontop of ["ACSE"] and identified by the OID 1.0.8571.1.1 .
Line 21: Line 21:
The PROTO dissector is (fully functional, partially functional, not existing, ... whatever the current state is). Also add info of additional Ethereal features where appropriate, like special statistics of this protocol.
The FTAM dissector is fully functional and autogenerated by the ["ASN2ETH"] ASN1 compiler.
In order for Ethereal to even recognize a packet as being FTAM Ethereal needs to first see the ["ACSE"] packets used to associate the FTAM OID (1.0.8571).1.1 with the current PRES context identifier. I.e. unless Ethereal has seen the ["ACSE"] aarq packet to bind to FTAM, Ethereal will not know it is FTAM nor decode it as such.
 
Line 25: Line 26:
(XXX add links to preference settings affecting how PROTO is dissected). There are no preference settings specific to FTAM but you might want to enable reassembly of those transport protocols that are used below FTAM.

File Transfer Access and Management protocol (FTAM)

The File Transfer Access and Management protocol (FTAM), an ISO application protocol, offers file transfer services between client (initiator) and server (responder) systems in an open environment. FTAM also provides access to files and management of files on diverse systems. Similar to FTP (File Transfer Protocol) and NFS (Network File System) in the TCP/IP environment, FTAM is designed to help users access files on diverse systems that use compatible FTAM implementations.

History

FTAM is a protocol from the OSI family and its function and purpose was to act as a replacement for the IETF FTP protocol once OSI had fully replaced the obsolete IETF based protocols.

Protocol dependencies

  • ["ACSE"]: Typically, FTAM is transported ontop of ["ACSE"] and identified by the OID 1.0.8571.1.1 .

Example traffic

XXX - Add example traffic here (as plain text or Ethereal screenshot).

Ethereal

The FTAM dissector is fully functional and autogenerated by the ["ASN2ETH"] ASN1 compiler. In order for Ethereal to even recognize a packet as being FTAM Ethereal needs to first see the ["ACSE"] packets used to associate the FTAM OID (1.0.8571).1.1 with the current PRES context identifier. I.e. unless Ethereal has seen the ["ACSE"] aarq packet to bind to FTAM, Ethereal will not know it is FTAM nor decode it as such.

Preference Settings

There are no preference settings specific to FTAM but you might want to enable reassembly of those transport protocols that are used below FTAM.

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.

  • attachment:SampleCaptures/PROTO.pcap

Display Filter

A complete list of PROTO display filter fields can be found in the [http://www.ethereal.com/docs/dfref/protofirstletter/proto.html display filter reference]

  • Show only the PROTO based traffic:

     proto 

Capture Filter

You cannot directly filter PROTO protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.

  • Capture only the PROTO traffic over the default port (80):

     tcp port 80 

Discussion

FTAM (last edited 2008-04-12 17:50:00 by localhost)