This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.

Digital Imaging and Communications in Medicine (DICOM)

Wikipedia has a very good high level description about DICOM and the protocol specifications can be found at the DICOM Homepage. This page will focus on wireshark specific topics.

History

XXX - add a brief description of DICOM history

Protocol dependencies

Example traffic

Following screenshot shows a DICOM communication containing a C-ECHO followed by C-STORE request.

dicom_assoc_accept.png

The accepted or rejected presentation contexts are decoded, to quickly identify negotiation issues.

Wireshark

Starting with wireshark 1.1.xx, the DICOM dissector has many new features.

DICOM Export

First make sure to have a valid DICOM capture, including Association Request. Then, select File -> Export -> Objects -> DICOM.

Conformance statement

For the DICOM Export, following UIDs are used. Since the SOP Class UID (0008,0016) and SOP Instance UID (0008,0018) are mandatory elements in the meta header, they are created if needed.

Preference Settings

Following settings are available to influence DICOM dissection its data display.

dicom_default_pref.png

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here (see below). Keep this file short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of DICOM display filter fields can be found in the display filter reference

Capture Filter

You cannot directly filter DICOM protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.

Discussion