Differences between revisions 2 and 7 (spanning 5 versions)
Revision 2 as of 2005-02-07 14:15:11
Size: 1850
Comment:
Revision 7 as of 2008-10-06 17:16:31
Size: 2182
Editor: gadget00
Comment:
Line 3: Line 3:

"Emulate" ISO transport services ["COTP"] on top of ["TCP"]. The two major points missing in TCP (compared to ["COTP"]) are the TSAP addressing and the detection of packet boundaries on the receiving host. See the IsoProtocolFamily page for an overview.
"Emulate" ISO transport services [[COTP]] on top of [[TCP]]. The two major points missing in TCP (compared to [[COTP]]) are the TSAP addressing and the detection of packet boundaries on the receiving host. See the IsoProtocolFamily page for an overview.
Line 7: Line 6:

As TCP becomes more and more popular (around 1995?), a mechanism was needed to encapsulate ISO services on top of TCP transport, as both protocols have similiar tasks and ["COTP"] was becoming obsolete these days.
As TCP becomes more and more popular (around 1995?), a mechanism was needed to encapsulate ISO services on top of TCP transport, as both protocols have similiar tasks and [[COTP]] was becoming obsolete these days.
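Review bot: the revised History line still carries the misspelling "similiar" and the tense mismatch between "As TCP becomes" and "was needed"; only the link markup changed. Suggest fixing both in the same edit: "similar" and "As TCP became more and more popular".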
Line 11: Line 9:

* ["TCP"]: Typically, TPKT uses ["TCP"] as its transport protocol. The well known TCP port for TPKT traffic is 102.
 * [[TCP]]: Typically, TPKT uses [[TCP]] as its transport protocol. The well known TCP port for TPKT traffic is 102.
Line 15: Line 12:
{{attachment:TPKT Traffic Example.png}}
Line 16: Line 14:
XXX - Add example traffic here (as plain text or Ethereal screenshot).

== Ethereal ==
== Wireshark ==
Line 23: Line 18:
Line 27: Line 21:

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Ethereal can open gzipped files automatically.
XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
Line 31: Line 24:
A complete list of TPKT display filter fields can be found in the [http://www.ethereal.com/docs/dfref/t/tpkt.html display filter reference] A complete list of TPKT display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/t/tpkt.html|display filter reference]]
Line 33: Line 26:
 Show only the TPKT based traffic: {{{
 tpkt }}}
 . Show only the TPKT based traffic:
{{{
 tpkt
}}}
Line 37: Line 32:
Line 40: Line 34:
 Capture only the TPKT based traffic (you will only see TPKT, but not additions like the corresponding ARP packets): {{{
 tcp port 102 }}}
 . Capture only the TPKT based traffic (you will only see TPKT, but not additions like the corresponding ARP packets):
{{{
 tcp port 102
}}}
Line 44: Line 40:
 * [[http://www.ietf.org/rfc/rfc1006.txt?number=1006|RFC1006]] ''ISO Transport Service on top of the TCP Version: 3'', based on ISO 8073 which is available as [[http://www.ietf.org/rfc/rfc0905.txt|RFC905]]
 * [[http://www.ietf.org/rfc/rfc2126.txt?number=2126|RFC2126]] ''ISO Transport Service on top of TCP (ITOT)''
Line 45: Line 43:
 * [http://www.ietf.org/rfc/rfc2126.txt?number=2126 RFC2126] Obsolete:

 * [[http://www.ietf.org/rfc/rfc983.txt|RFC983]] ''ISO Transport Services on Top of the TCP''

ISO transport services on top of the TCP (TPKT)

TPKT "emulates" the ISO transport service COTP on top of TCP. The two major features missing in TCP (compared to COTP) are TSAP addressing and the detection of packet boundaries on the receiving host. See the IsoProtocolFamily page for an overview.

History

As TCP became more and more popular (around 1995?), a mechanism was needed to encapsulate ISO services on top of TCP transport, as both protocols have similar tasks and COTP was becoming obsolete at the time.

Protocol dependencies

  • TCP: Typically, TPKT uses TCP as its transport protocol. The well-known TCP port for TPKT traffic is 102.

Example traffic

TPKT Traffic Example.png

Wireshark

The TPKT dissector is fully functional.

Preference Settings

  • Whether TPKT packets spanning multiple TCP segments should be reassembled or not. For VoIP traffic this setting is essential.
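
The packet-boundary detection described at the top of this page, and the reassembly this preference controls, both rest on the 4-byte TPKT header from RFC1006: a version octet (3), a reserved octet, and a 16-bit big-endian length that includes the header. The Python below is an added example, not Wireshark's dissector code; the class and function names and the sample payloads are constructed for illustration.

```python
import struct

TPKT_VERSION = 3     # version octet defined by RFC 1006
TPKT_HEADER_LEN = 4  # version, reserved, 16-bit big-endian length


class TpktError(ValueError):
    """The byte stream cannot be valid TPKT framing."""


class TpktReassembler:
    """Hypothetical helper: recovers TPKT packets from TCP segment payloads."""

    def __init__(self):
        self._buf = bytearray()  # holds at most one partial packet between calls

    def feed(self, segment):
        """Append one TCP payload; return the TPKT payloads it completed."""
        self._buf += segment
        done = []
        while len(self._buf) >= TPKT_HEADER_LEN:
            version, _reserved, length = struct.unpack_from("!BBH", self._buf)
            if version != TPKT_VERSION:
                raise TpktError(f"unexpected TPKT version {version}")
            # The length counts the header too, so anything below 4 is malformed.
            if length < TPKT_HEADER_LEN:
                raise TpktError(f"length {length} is shorter than the header")
            if len(self._buf) < length:
                break  # the packet continues in a later TCP segment
            done.append(bytes(self._buf[TPKT_HEADER_LEN:length]))
            del self._buf[:length]
        return done

    def pending(self):
        """Bytes buffered while waiting for the rest of a packet."""
        return len(self._buf)


def tpkt(payload):
    """Wrap a payload in a TPKT header (constructed sample data only)."""
    return struct.pack("!BBH", TPKT_VERSION, 0, TPKT_HEADER_LEN + len(payload)) + payload


def demo():
    # Constructed stream: two packets split at offsets unrelated to their boundaries.
    stream = tpkt(b"first-tpdu") + tpkt(b"second")
    r = TpktReassembler()
    return [r.feed(s) for s in (stream[:2], stream[2:9], stream[9:])]
```

Rejecting a wrong version octet or an impossible length as soon as the header is complete keeps a desynchronised or hostile stream from being interpreted as upper-layer data.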

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of TPKT display filter fields can be found in the display filter reference.

  • Show only the TPKT based traffic:
     tpkt

Capture Filter

You can filter TPKT traffic while capturing, as it always uses TCP port 102.

  • Capture only the TPKT based traffic (you will only see TPKT, but not additions like the corresponding ARP packets):
     tcp port 102

  • RFC1006 ISO Transport Service on top of the TCP Version: 3, based on ISO 8073 which is available as RFC905

  • RFC2126 ISO Transport Service on top of TCP (ITOT)

Obsolete:

  • RFC983 ISO Transport Services on Top of the TCP

Discussion

TPKT (last edited 2008-10-06 17:16:31 by gadget00)