This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 3 and 14 (spanning 11 versions)
Revision 3 as of 2005-09-15 07:22:39
Size: 1647
Comment:
Revision 14 as of 2008-04-12 17:51:24
Size: 1378
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:
= CONNECTION-ORIENTED PRESENTATION PROTOCOL (PRES) = = ISO 8823/X.226 OSI PRESENTATION PROTOCOL (PRES) =
Line 4: Line 4:
This protocol is defined as ITU recommendation X.226 This protocol is defined as [[ISO]] standard 8823 and [[ITU-T]] recommendation X.226.

It is part of the IsoProtocolFamily.
Line 12: Line 14:
 * ["TCP"]: Typically, PROTO uses ["TCP"] as its transport protocol. The well known TCP port for PROTO traffic is 80.  * See IsoProtocolFamily for protocol dependencies
Line 16: Line 18:
XXX - Add example traffic here (as plain text or Ethereal screenshot). XXX - Add example traffic here (as plain text or Wireshark screenshot).
Line 18: Line 20:
== Ethereal == == Wireshark ==
Line 20: Line 22:
The PRES dissector is generated by the ["ASN2ETH"} compiler. The PRES dissector is generated by the [[Asn2wrs]] compiler.
Line 24: Line 26:
(XXX add links to preference settings affecting how PROTO is dissected). (XXX add links to preference settings affecting how PRES is dissected).
Line 28: Line 30:
XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically. XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
Line 30: Line 32:
 * attachment:SampleCaptures/PROTO.pcap  * [[attachment:SampleCaptures/PROTO.pcap]]
Line 33: Line 35:
A complete list of PRES display filter fields can be found in the [http://www.ethereal.com/docs/dfref/p/pres.html display filter reference] A complete list of PRES display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/p/pres.html|display filter reference]]
Line 35: Line 37:
 Show only the PROTO based traffic: {{{  Show only the PRES based traffic: {{{
Line 40: Line 42:
You cannot directly filter PRES protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.

 Capture only the ACSE traffic over the default port (80): {{{
 tcp port 80 }}}
You cannot directly filter PRES protocols while capturing.
Line 48: Line 46:
 * add link to PROTO specification and where to find additional info on the web about it, e.g.:
 * [http://www.ietf.org/rfc/rfc123.txt RFC 123] ''The RFC title'' - explanation of the RFC content.
* [[http://www.itu.int/ITU-T/asn1/database/itu-t/x/x226/index.html]] ITU PRES page.

ISO 8823/X.226 OSI PRESENTATION PROTOCOL (PRES)

This protocol is defined as ISO standard 8823 and ITU-T recommendation X.226.

It is part of the IsoProtocolFamily.

History

This protocol is part of the OSI stack.

Protocol dependencies

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The PRES dissector is generated by the Asn2wrs compiler.

Preference Settings

(XXX add links to preference settings affecting how PRES is dissected).

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of PRES display filter fields can be found in the display filter reference

  • Show only the PRES based traffic:

     pres 

Capture Filter

You cannot directly filter PRES protocols while capturing.

* http://www.itu.int/ITU-T/asn1/database/itu-t/x/x226/index.html ITU PRES page.

Discussion

PRES (last edited 2008-04-12 17:51:24 by localhost)