This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 1 and 5 (spanning 4 versions)
Revision 1 as of 2013-10-02 18:40:26
Size: 3104
Comment:
Revision 5 as of 2013-10-02 19:10:41
Size: 3170
Comment:
Deletions are marked like this. Additions are marked like this.
Line 3: Line 3:
Line 7: Line 6:
Line 13: Line 11:
Line 18: Line 15:

The s5066dts dissector is fully functional. 
The s5066dts dissector is fully functional.
Line 22: Line 18:
 * When you want to dissect TCP encapsulated '''STANAG 5066''' DPDUs, you need to configure and check "Dissect STANAG 5066 DPDUs with prepending TCP headers" option.
 * Otherwise, when you want to dissect '''STANAG 5066''' DPDUs that are captured directly from the line, you need to uncheck "Dissect STANAG 5066 DPDUs with prepending TCP headers" option.
Line 23: Line 21:
 * When you want dissect TCP encapsulated '''STANAG 5066''' DPDUs, you need to configure and check "Dissect STANAG 5066 DPDUs with prepending TCP headers" option.
 * Otherwise, when you want to dissect '''STANAG 5066''' DPDUs that are captured directly from the line, you need to uncheck "Dissect STANAG 5066 DPDUs with prepending TCP headers" option.
Line 27: Line 23:
 * [[attachment:SampleCaptures/Stanag5066-RAW-ENCAP-Bftp-Exchange-tx.pcap]]
 * [[attachment:SampleCaptures/Stanag5066-TCP-ENCAP-Bftp-Exchange-tx-rx.pcapng]]
 * [[attachment:SampleCaptures/Stanag5066-RAW-ENCAP-Bftp-Exchange-tx.pcap]] - BFTP file transfer exchange D_PDUs captured directly from the line
 * [[attachment:SampleCaptures/Stanag5066-TCP-ENCAP-Bftp-Exchange-tx-rx.pcapng]] - BFTP file transfer exchange D_PDUs encapsulated in TCP, then handed off to S5066 dissector
Line 33: Line 29:
 Show only the PROTO based traffic: {{{
 s5066dts }}}
 . Show only the s5066dts based traffic:
{{{
 s5066dts
}}}
Line 37: Line 35:
You cannot directly filter s5066dts protocols while capturing. However, if you know the [[TCP]] port used (see above), you can filter on that one.
Line 38: Line 37:
You cannot directly filter PROTO protocols while capturing. However, if you know the [[TCP]] port used (see above), you can filter on that one.

 Capture only the PROTO traffic over the default port (80): {{{
 tcp port 80 }}}
 . Capture only the s5066dts traffic over the default port (5067):
 {{{
 tcp port 5067
}}}
Line 44: Line 43:

 * add link to PROTO specification and where to find additional info on the web about it, e.g.:
 * [[http://www.ietf.org/rfc/rfc123.txt|RFC 123]] ''The RFC title'' - explanation of the RFC content.

== Discussion ==
 * http://www.isode.com/whitepapers/stanag-5066.html
 * http://ham.zmailer.org/oh2mqk/HF-data/stanag5066.pdf

STANAG 5066 Data Transfer Sublayer (S5066_DTS)

STANAG 5066 (Profile for High Frequency (HF) Radio Data Communication) is a NATO protocol stack definition operated over HF modem/radio equipment. S5066 provides standard clients over SIS(Subnetwork Interface Sublayer) and an IP mapping/adaptation sublayer in order to make use of conventional IP applications in a transparent way.

History

There exist three editions of STANAG 5066 protocol specification. Edition 1, and Edition 2 radios do not attempt to transmit when it is known that another radio is transmitting. When there is silence, if two radios start transmitting together, they conflict with each other and all data is lost. It means that the data exchange is node to node and no more than two peers may not communicate at the same time. With the release of STANAG 5066 Edition 3, this problem was resolved by using two genuine MAC methos, CSMA and HFTRP.

The DTS layers are same for Edition 1 and 2 but a new feature, especially two medium access control methods named as HFTRP(High Frequency Token Ring Protocol) and CSMA(Carrier Sense Multiple Access) that can be used interchangeably, was added to DTS layer of the STANAG 5066 Edition 3. In effect, the DTS sublayer of the Edition 3 is backward compatible with the old protocol editions(1,2).

Protocol dependencies

  • TCP: When used with IP encapsulation(configurable), s5066dts uses TCP as its transport protocol. The well known TCP port for s5066dts traffic is 5067.

  • Otherwise: D_PDUs captured directly from the line(configurable as well) with pcap encapsulation. Link name is registered as DLT_STANAG_5066_D_PDU.

Wireshark

The s5066dts dissector is fully functional.

Preference Settings

  • When you want to dissect TCP encapsulated STANAG 5066 DPDUs, you need to configure and check "Dissect STANAG 5066 DPDUs with prepending TCP headers" option.

  • Otherwise, when you want to dissect STANAG 5066 DPDUs that are captured directly from the line, you need to uncheck "Dissect STANAG 5066 DPDUs with prepending TCP headers" option.

Example capture file

Display Filter

A complete list of s5066dts display filter fields can be found in the display filter reference

  • Show only the s5066dts based traffic:
     s5066dts

Capture Filter

You cannot directly filter s5066dts protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.

  • Capture only the s5066dts traffic over the default port (5067):
     tcp port 5067

STANAG_5066_DTS (last edited 2013-10-04 12:21:29 by İbrahim Can Yüce)