 * [ RFC1006] ''ISO Transport Service on top of the TCP Version: 3'', based on ISO 8073 which is available as [ RFC905]
 * [ RFC983] ''ISO Transport Services on Top of the TCP''

ISO transport services on top of the TCP (TPKT)

TPKT "emulates" ISO transport services (COTP) on top of TCP. The two major features missing in TCP (compared to COTP) are TSAP addressing and the detection of packet boundaries on the receiving host. See the IsoProtocolFamily page for an overview.


As TCP became more and more popular (around 1995?), a mechanism was needed to encapsulate ISO services on top of TCP transport, as both protocols have similar tasks and COTP was becoming obsolete in those days.

Protocol dependencies

  • TCP: Typically, TPKT uses TCP as its transport protocol. The well-known TCP port for TPKT traffic is 102.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).


The TPKT dissector is fully functional.

Preference Settings

* Whether TPKT packets spanning multiple TCP segments should be reassembled or not. For VoIP traffic this setting is essential.
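
The reassembly this preference controls, and the packet-boundary detection TPKT adds on top of TCP, can be sketched as follows. This is an added example, not Wireshark's dissector code; it assumes the RFC 1006 header layout (version octet 3, one reserved octet, 16-bit big-endian length that includes the 4-byte header), and the names `TpktReassembler` and `tpkt` as well as the sample bytes are constructed for illustration.

```python
import struct

TPKT_VERSION = 3      # RFC 1006 fixes the version octet at 3
TPKT_HEADER_LEN = 4   # version, reserved, 16-bit big-endian length


class TpktReassembler:
    """Recover TPKT payloads from one direction of a TCP byte stream."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, segment: bytes) -> list:
        """Add one TCP segment payload; return every TPKT payload now complete."""
        self._buf += segment
        payloads = []
        while len(self._buf) >= TPKT_HEADER_LEN:
            version, _reserved, length = struct.unpack_from("!BBH", self._buf)
            if version != TPKT_VERSION:
                raise ValueError(f"unexpected TPKT version {version}")
            # The length field counts the 4-byte header, so smaller values are malformed.
            if length < TPKT_HEADER_LEN:
                raise ValueError(f"TPKT length {length} is shorter than the header")
            if len(self._buf) < length:
                break  # PDU continues in a later segment: keep the bytes and wait
            payloads.append(bytes(self._buf[TPKT_HEADER_LEN:length]))
            del self._buf[:length]
        return payloads

    @property
    def pending(self) -> int:
        """Bytes buffered for a PDU that is not complete yet."""
        return len(self._buf)


def tpkt(payload: bytes) -> bytes:
    """Build a TPKT packet around payload (used for the constructed sample)."""
    return struct.pack("!BBH", TPKT_VERSION, 0, TPKT_HEADER_LEN + len(payload)) + payload


if __name__ == "__main__":
    # Constructed sample: two PDUs, the second split across two TCP segments.
    stream = tpkt(b"first") + tpkt(b"second-pdu")
    r = TpktReassembler()
    for seg in (stream[:12], stream[12:]):
        print(r.feed(seg), "pending:", r.pending)
```

Rejecting a length below 4 matters for any parser of untrusted traffic: without that check a zero length would never advance the buffer and the loop would not terminate.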

Example capture file

XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.

Display Filter

A complete list of TPKT display filter fields can be found in the display filter reference.

  • Show only the TPKT-based traffic:


Capture Filter

You can filter TPKT traffic while capturing, as it always uses TCP port 102.

  • Capture only the TPKT-based traffic (you will only see TPKT, but not additions like the corresponding ARP packets):

     tcp port 102 



TPKT (last edited 2008-10-06 17:16:31 by gadget00)