Hi,
I’m quite new to using Wireshark and have a question about some output for the COTP protocol.
I tried to find an answer in the Wireshark documentation and in the archives but could not come up with a full answer.
To keep the length of this message within limits I’ve not included the full output of Wireshark, and for reasons of company rules I had to remove the full IP numbers. I hope I’ve not left out some essential parts but if needed, I still have all the data available. I just hope someone can help me with my questions. (Thanks in advance!)
Here is information on the frames I have questions about.
34 7.878448 A.B.C.10 A.B.C.204 COTP 76 CR TPDU src-ref: 0x0021 dst-ref: 0x0000
35 7.884993 A.B.C.204 A.B.C.10 COTP 76 CC TPDU src-ref: 0x0800 dst-ref: 0x0021
36 7.885090 A.B.C.10 A.B.C.204 MMS 245 initiate-RequestPDU
Frame 36: 245 bytes on wire (1960 bits), 245 bytes captured (1960 bits)
...
ISO 8073 COTP Connection-Oriented Transport Protocol
Length: 2
PDU Type: DT Data (0x0f)
[Destination reference: 0x40000]
.000 0000 = TPDU number: 0x00
1... .... = Last data unit: Yes
...
The highlighted bytes for the COTP data.
0000 02 f0 80 ...
All is clear except the line “[Destination reference: 0x40000]”.
The ‘[‘ and ‘]’ suggest that Wireshark added this line to the output and that the data is not from the frame itself.
The ‘Destination reference’ and its value are the bit I have problems with.
1) COTP knows a dst-ref and “Destination reference” here might be the same but is that the case?
2) A value of 0x40000 for dst-ref is impossible; a dst-ref is two bytes long.
3) If this reference to “Destination reference” is equal to dst-ref then its value should be 0x0800.
4) Where does the value 0x40000 come from? The COTP part in the frame is only 3 bytes long and this value is not in it!
What am I missing here?
Similar case, another tracefile.
9 5.371056 A.B.C.10 A.B.C.200 COTP 76 CR TPDU src-ref: 0x0021 dst-ref: 0x0000
10 5.397558 A.B.C.200 A.B.C.10 COTP 76 CC TPDU src-ref: 0x0002 dst-ref: 0x0021
11 5.397633 A.B.C.10 A.B.C.200 MMS 245 initiate-RequestPDU
Frame 11: 245 bytes on wire (1960 bits), 245 bytes captured (1960 bits)
...
ISO 8073 COTP Connection-Oriented Transport Protocol
Length: 2
PDU Type: DT Data (0x0f)
[Destination reference: 0x0000]
.000 0000 = TPDU number: 0x00
1... .... = Last data unit: Yes
...
The highlighted bytes for the COTP data.
0000 02 f0 80 ...
5) A value of 0x0000 for dst-ref is illegal; a value of 0x0000 is only allowed during negotiation (CR/CC sequence in frames 9 and 10).
6) If this reference to “Destination reference” is equal to dst-ref then its value should be 0x0002.
7) Where does the value 0x0000 come from? The COTP part in the frame is only 3 bytes long and this value is not in it!
Kind regards,
André Steenveld.
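
An added example, not part of the original message and not Wireshark's code: a minimal decoder for the CR, CC and DT header layouts of ISO 8073 / RFC 905 (normal format), showing which fields are actually on the wire in the three bytes "02 f0 80". The function name, the tp_class parameter and the CR/CC byte strings are assumptions made for the illustration.

```python
import struct

# TPDU codes (high nibble of the octet after LI), per ISO 8073 / RFC 905.
TPDU_NAMES = {0xE0: "CR", 0xD0: "CC", 0xF0: "DT"}

def parse_cotp(data: bytes, tp_class: int = 0) -> dict:
    """Decode the fixed header of a CR, CC or DT TPDU (normal format).

    tp_class is the negotiated transport class; it is not carried in a DT
    TPDU, so the caller must supply it (hypothetical parameter).
    """
    if len(data) < 2:
        raise ValueError("truncated TPDU")
    li = data[0]  # length indicator: header octets that follow it
    if li < 2 or li == 0xFF or len(data) < li + 1:
        raise ValueError("bad length indicator")
    hdr = data[1:li + 1]
    name = TPDU_NAMES.get(hdr[0] & 0xF0)
    if name is None:
        raise ValueError("TPDU type not handled in this example")
    out = {"type": name, "length": li, "user_data": data[li + 1:]}
    if name in ("CR", "CC"):
        if li < 6:
            raise ValueError("CR/CC fixed part is 6 octets")
        # Both references are on the wire in the connection handshake.
        out["dst_ref"], out["src_ref"] = struct.unpack(">HH", hdr[1:5])
        out["class"] = hdr[5] >> 4
        return out
    if tp_class in (0, 1):
        # Classes 0 and 1: type octet, then TPDU-NR/EOT. No reference field.
        out["dst_ref"], nr_eot = None, hdr[1]
    else:
        if li < 4:
            raise ValueError("class 2-4 DT needs DST-REF and TPDU-NR")
        out["dst_ref"], nr_eot = struct.unpack(">HB", hdr[1:4])
    out["tpdu_nr"] = nr_eot & 0x7F
    out["eot"] = bool(nr_eot & 0x80)
    return out

# DT header bytes as shown in the message; CR/CC bytes are constructed from
# the src-ref/dst-ref values of frames 34 and 35 (variable part omitted).
DT = bytes.fromhex("02f080")
CR = bytes.fromhex("06e00000002100")
CC = bytes.fromhex("06d00021080000")

if __name__ == "__main__":
    for pdu in (CR, CC, DT):
        print(parse_cotp(pdu))
```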