This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 3 and 4
Revision 3 as of 2008-12-12 16:00:50
Size: 2222
Editor: stemplar
Comment:
Revision 4 as of 2008-12-12 16:10:55
Size: 2119
Editor: stemplar
Comment:
Deletions are marked like this. Additions are marked like this.
Line 14: Line 14:
{{attachment:D:\Projects\Sources\wireshark.submit\1) Association Accept.png|D:\Projects\Sources\wireshark.submit\1) Association Accept.png}} {{attachment:dicom-assoc-accept.png}}
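Review bot: the added `{{attachment:dicom-assoc-accept.png}}` on line 14 has no alt text after a `|`, whereas the removed form carried one (even though it only repeated the local path). Consider a short description, for example `{{attachment:dicom-assoc-accept.png|DICOM association accept}}`, so the reference stays meaningful where the image is not rendered.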

Digital Imaging and Communications in Medicine (DICOM)

Wikipedia has a very good high-level description of DICOM, and the protocol specifications can be found at the DICOM Homepage. This page focuses on Wireshark-specific topics.

History

XXX - add a brief description of DICOM history

Protocol dependencies

  • TCP: Typically, DICOM uses TCP as its transport protocol. The well-known TCP port for DICOM traffic is 104.

Example traffic

The following screenshot shows a DICOM communication containing a C-ECHO followed by a C-STORE request.

[ATTACH]

The accepted or rejected presentation contexts are decoded, to quickly identify negotiation issues.
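
As an added illustration (not Wireshark's dissector code and not part of the original wiki page), the following Python sketch reads the per-context result field that this decoding relies on from an A-ASSOCIATE-AC PDU, using the layout in DICOM PS3.8. The function names and the sample PDU are constructed for this example.

```python
import struct

# Result/reason codes of a presentation context item in an A-ASSOCIATE-AC (DICOM PS3.8)
RESULTS = {0: "acceptance", 1: "user-rejection", 2: "no-reason (provider rejection)",
           3: "abstract-syntax-not-supported", 4: "transfer-syntaxes-not-supported"}

def item(item_type, body):
    """Encode one variable item: type, reserved byte, 16-bit big-endian length, body."""
    return struct.pack(">BBH", item_type, 0, len(body)) + body

def build_sample_ac():
    """Constructed sample A-ASSOCIATE-AC: context 1 accepted, context 3 rejected."""
    ts = item(0x40, b"1.2.840.10008.1.2")           # Implicit VR Little Endian
    items = item(0x10, b"1.2.840.10008.3.1.1.1")    # application context name
    items += item(0x21, bytes([1, 0, 0, 0]) + ts)   # id, reserved, result, reserved
    items += item(0x21, bytes([3, 0, 3, 0]) + ts)   # syntax is not significant here
    fixed = struct.pack(">HH", 1, 0) + bytes(16 + 16 + 32)  # version + reserved fields
    body = fixed + items
    return struct.pack(">BBI", 0x02, 0, len(body)) + body

def presentation_results(pdu):
    """Return [(context_id, result_text, transfer_syntax_uid)] from an A-ASSOCIATE-AC."""
    if len(pdu) < 74 or pdu[0] != 0x02:
        raise ValueError("not a complete A-ASSOCIATE-AC PDU")
    (length,) = struct.unpack(">I", pdu[2:6])
    if length != len(pdu) - 6:
        raise ValueError("PDU length field does not match the data")
    out, pos = [], 6 + 68                 # skip the PDU header and the fixed fields
    while pos < len(pdu):
        if pos + 4 > len(pdu):
            raise ValueError("truncated item header")
        itype, _, ilen = struct.unpack(">BBH", pdu[pos:pos + 4])
        body = pdu[pos + 4:pos + 4 + ilen]
        if len(body) != ilen:
            raise ValueError("item runs past the end of the PDU")
        if itype == 0x21 and ilen >= 4:   # presentation context item (accept form)
            ctx_id, result = body[0], body[2]
            uid = ""
            if len(body) >= 8 and body[4] == 0x40:   # transfer syntax sub-item
                (tlen,) = struct.unpack(">H", body[6:8])
                uid = body[8:8 + tlen].decode("ascii", "replace")
            out.append((ctx_id, RESULTS.get(result, f"unknown ({result})"), uid))
        pos += 4 + ilen
    return out

if __name__ == "__main__":
    for ctx in presentation_results(build_sample_ac()):
        print(ctx)
```

Any result other than `acceptance` points at the presentation context whose negotiation failed.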

Wireshark

Starting with Wireshark 1.1.xx, the DICOM dissector has many new features and is now fully functional. Also add info on additional Wireshark features where appropriate, like special statistics of this protocol.

Preference Settings

(XXX add links to preference settings affecting how DICOM is dissected).

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of DICOM display filter fields can be found in the display filter reference.

  • Show only the DICOM based traffic:
     dicom

Capture Filter

You cannot directly filter DICOM protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.

  • Capture only the DICOM traffic over the default port (104):
     tcp port 104

Discussion

Protocols/dicom (last edited 2010-04-06 21:25:33 by GuyHarris)