This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 2 and 3
Revision 2 as of 2005-06-29 09:59:35
Size: 2675
Editor: 176
Comment: update the FTAM page slighltly with more info about FTAM
Revision 3 as of 2006-06-05 03:19:15
Size: 2683
Editor: localhost
Comment:
Deletions are marked like this. Additions are marked like this.
Line 17: Line 17:
XXX - Add example traffic here (as plain text or Ethereal screenshot). XXX - Add example traffic here (as plain text or Wireshark screenshot).
Line 19: Line 19:
== Ethereal == == Wireshark ==
Line 22: Line 22:
In order for Ethereal to even recognize a packet as being FTAM Ethereal needs to first see the ["ACSE"] packets used to associate the FTAM OID (1.0.8571).1.1 with the current PRES context identifier. I.e. unless Ethereal has seen the ["ACSE"] aarq packet to bind to FTAM, Ethereal will not know it is FTAM nor decode it as such. In order for Wireshark to even recognize a packet as being FTAM Wireshark needs to first see the ["ACSE"] packets used to associate the FTAM OID (1.0.8571).1.1 with the current PRES context identifier. I.e. unless Wireshark has seen the ["ACSE"] aarq packet to bind to FTAM, Wireshark will not know it is FTAM nor decode it as such.
Line 30: Line 30:
XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically. XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
Line 35: Line 35:
A complete list of PROTO display filter fields can be found in the [http://www.ethereal.com/docs/dfref/protofirstletter/proto.html display filter reference] A complete list of PROTO display filter fields can be found in the [http://www.wireshark.org/docs/dfref/protofirstletter/proto.html display filter reference]

File Transfer Access and Management protocol (FTAM)

The File Transfer Access and Management protocol (FTAM), an ISO application protocol, offers file transfer services between client (initiator) and server (responder) systems in an open environment. FTAM also provides access to files and management of files on diverse systems. Similar to FTP (File Transfer Protocol) and NFS (Network File System) in the TCP/IP environment, FTAM is designed to help users access files on diverse systems that use compatible FTAM implementations.

History

FTAM is a protocol from the OSI family and its function and purpose was to act as a replacement for the IETF FTP protocol once OSI had fully replaced the obsolete IETF based protocols.

Protocol dependencies

  • ["ACSE"]: Typically, FTAM is transported ontop of ["ACSE"] and identified by the OID 1.0.8571.1.1 .

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The FTAM dissector is fully functional and autogenerated by the ["ASN2ETH"] ASN1 compiler. In order for Wireshark to even recognize a packet as being FTAM Wireshark needs to first see the ["ACSE"] packets used to associate the FTAM OID (1.0.8571).1.1 with the current PRES context identifier. I.e. unless Wireshark has seen the ["ACSE"] aarq packet to bind to FTAM, Wireshark will not know it is FTAM nor decode it as such.

Preference Settings

There are no preference settings specific to FTAM but you might want to enable reassembly of those transport protocols that are used below FTAM.

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

  • attachment:SampleCaptures/PROTO.pcap

Display Filter

A complete list of PROTO display filter fields can be found in the [http://www.wireshark.org/docs/dfref/protofirstletter/proto.html display filter reference]

  • Show only the PROTO based traffic:

     proto 

Capture Filter

You cannot directly filter PROTO protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.

  • Capture only the PROTO traffic over the default port (80):

     tcp port 80 

Discussion

FTAM (last edited 2008-04-12 17:50:00 by localhost)