This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 1 and 2
Revision 1 as of 2013-10-02 18:40:26
Size: 3104
Comment:
Revision 2 as of 2013-10-02 18:49:14
Size: 3017
Comment:
Deletions are marked like this. Additions are marked like this.
Line 33: Line 33:
 Show only the PROTO based traffic: {{{  Show only the s5066dts based traffic: {{{
Line 38: Line 38:
You cannot directly filter PROTO protocols while capturing. However, if you know the [[TCP]] port used (see above), you can filter on that one. You cannot directly filter s5066dts protocols while capturing. However, if you know the [[TCP]] port used (see above), you can filter on that one.
Line 40: Line 40:
 Capture only the PROTO traffic over the default port (80): {{{
 tcp port 80 }}}
 Capture only the s5066dts traffic over the default port (5067): {{{
 tcp port 5067 }}}
Line 45: Line 45:
 * add link to PROTO specification and where to find additional info on the web about it, e.g.:
 * [[http://www.ietf.org/rfc/rfc123.txt|RFC 123]] ''The RFC title'' - explanation of the RFC content.

== Discussion ==
 * [[http://www.isode.com/whitepapers/stanag-5066.html]]
 * [[http://ham.zmailer.org/oh2mqk/HF-data/stanag5066.pdf]]

STANAG 5066 Data Transfer Sublayer (S5066_DTS)

STANAG 5066 (Profile for High Frequency (HF) Radio Data Communication) is a NATO protocol stack definition operated over HF modem/radio equipment. S5066 provides standard clients over SIS(Subnetwork Interface Sublayer) and an IP mapping/adaptation sublayer in order to make use of conventional IP applications in a transparent way.

History

There exist three editions of STANAG 5066 protocol specification. Edition 1, and Edition 2 radios do not attempt to transmit when it is known that another radio is transmitting. When there is silence, if two radios start transmitting together, they conflict with each other and all data is lost. It means that the data exchange is node to node and no more than two peers may not communicate at the same time. With the release of STANAG 5066 Edition 3, this problem was resolved by using two genuine MAC methos, CSMA and HFTRP.

The DTS layers are same for Edition 1 and 2 but a new feature, especially two medium access control methods named as HFTRP(High Frequency Token Ring Protocol) and CSMA(Carrier Sense Multiple Access) that can be used interchangeably, was added to DTS layer of the STANAG 5066 Edition 3. In effect, the DTS sublayer of the Edition 3 is backward compatible with the old protocol editions(1,2).

Protocol dependencies

  • TCP: When used with IP encapsulation(configurable), s5066dts uses TCP as its transport protocol. The well known TCP port for s5066dts traffic is 5067.

  • Otherwise: D_PDUs captured directly from the line(configurable as well) with pcap encapsulation. Link name is registered as DLT_STANAG_5066_D_PDU.

Wireshark

The s5066dts dissector is fully functional.

Preference Settings

  • When you want dissect TCP encapsulated STANAG 5066 DPDUs, you need to configure and check "Dissect STANAG 5066 DPDUs with prepending TCP headers" option.

  • Otherwise, when you want to dissect STANAG 5066 DPDUs that are captured directly from the line, you need to uncheck "Dissect STANAG 5066 DPDUs with prepending TCP headers" option.

Example capture file

Display Filter

A complete list of s5066dts display filter fields can be found in the display filter reference

  • Show only the s5066dts based traffic:

     s5066dts 

Capture Filter

You cannot directly filter s5066dts protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.

  • Capture only the s5066dts traffic over the default port (5067):

     tcp port 5067 

STANAG_5066_DTS (last edited 2013-10-04 12:21:29 by İbrahim Can Yüce)