This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 1 and 2
Revision 1 as of 2005-09-15 07:17:41
Size: 1675
Comment:
Revision 2 as of 2005-09-15 07:18:24
Size: 1674
Comment:
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:
== CONNECTION-ORIENTED PRESENTATION PROTOCOL (PRES) = = CONNECTION-ORIENTED PRESENTATION PROTOCOL (PRES) =

CONNECTION-ORIENTED PRESENTATION PROTOCOL (PRES)

This protocol is defined as ITU recommendation X.226

History

XXX - add a brief description of PROTO history

Protocol dependencies

  • ["TCP"]: Typically, PROTO uses ["TCP"] as its transport protocol. The well known TCP port for PROTO traffic is 80.

Example traffic

XXX - Add example traffic here (as plain text or Ethereal screenshot).

Ethereal

The PRES dissector is generated by the ["ASN2ETH"} compiler.

Preference Settings

(XXX add links to preference settings affecting how PROTO is dissected).

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.

  • attachment:SampleCaptures/PROTO.pcap

Display Filter

A complete list of PROTO display filter fields can be found in the [http://www.ethereal.com/docs/dfref/protofirstletter/proto.html display filter reference]

  • Show only the PROTO based traffic:

     proto 

Capture Filter

You cannot directly filter PROTO protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.

  • Capture only the PROTO traffic over the default port (80):

     tcp port 80 

  • add link to PROTO specification and where to find additional info on the web about it, e.g.:
  • [http://www.ietf.org/rfc/rfc123.txt RFC 123] The RFC title - explanation of the RFC content.

Discussion

PRES (last edited 2008-04-12 17:51:24 by localhost)