ISO transport services on top of the TCP (TPKT)
"Emulate" ISO transport services COTP on top of TCP. The two major points missing in TCP (compared to COTP) are the TSAP addressing and the detection of packet boundaries on the receiving host. See the IsoProtocolFamily page for an overview.
As TCP becomes more and more popular (around 1995?), a mechanism was needed to encapsulate ISO services on top of TCP transport, as both protocols have similiar tasks and COTP was becoming obsolete these days.
The TPKT dissector is fully functional.
* Wether TPKT packets spanning multiple TCP segments should be reassembled or not, for VoIP traffic this setting is essential.
Example capture file
XXX - Add a simple example capture file to the SampleCaptures page and link from here. Keep it short, it's also a good idea to gzip it to make it even smaller, as Wireshark can open gzipped files automatically.
A complete list of TPKT display filter fields can be found in the display filter reference
- Show only the TPKT based traffic:
You can filter TPKT protocols while capturing, as it's always using TCP port 102.
- Capture only the TPKT based traffic (you will only see TPKT, but not additions like the corresponding ARP packets):
tcp port 102
RFC2126 ISO Transport Service on top of TCP (ITOT)
RFC983 ISO Transport Services on Top of the TCP