Wireshark-dev: [Wireshark-dev] Comstock Token Format Protocol

From: Tom Brearley <tom.brearley@xxxxxxxxxxx>
Date: Thu, 20 Jul 2017 14:08:10 +0000 (UTC)

Dear Wireshark Developers/Users

I was wondering if anyone out there had any experience with the ComStock Token Format protocol (CTF)? It is a financial protocol used to transmit real-time data. It is used by companies such as Interactive Data/ICE for their data feeds.

I am a subscriber to such a data feed and am using Wireshark to have a look at the TCP packets coming through the wire. I'm so far completely unable to decipher them (it's possible that they are compressed - on a side note, could anyone point out if they are? I have attached some sample packets).

I am aware, however, that the feed uses this protocol. It works in such a way that a token number is used, along with the data, in the form "TOKENNUMBER=DATA", or as per the screenshot below, for a more real example "8=521" (where 8 would signify a trade price and 521 would be the trade price itself). I believe that these values will actually be encoded in the byte array.
A link to the full protocol is here:-

Does anyone have any information about protocols such as these? I would also be extremely grateful if someone could also have a look at the sample packet attached and tell me if I am missing something simple (such as compression/encryption - the first two bytes of most of the messages always seem to start with 153, 121 - not sure if this is a compression signature). Any help would be massively appreciated.

Tom




Inline image

Attachment: packet_sample.pcapng
Description: Binary data
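
An added example, not part of the original post and not Wireshark code: it checks a payload's leading bytes against well-known compression signatures and measures byte entropy, two quick tests for the question of whether leading bytes 153, 121 mark compression. The sample payloads, the token `5=IBM` and the `|` delimiter are constructed assumptions, not data from the attached capture.

```python
import math
import zlib
from collections import Counter

# Well-known leading magic bytes of common compressed stream formats.
MAGICS = {
    b"\x1f\x8b": "gzip",
    b"BZh": "bzip2",
    b"\xfd7zXZ\x00": "xz",
    b"\x28\xb5\x2f\xfd": "zstd",
    b"\x04\x22\x4d\x18": "lz4 frame",
}

def signature(payload: bytes):
    """Return the name of a known compression format, or None."""
    for magic, name in MAGICS.items():
        if payload.startswith(magic):
            return name
    # zlib has no fixed magic: the CM nibble must be 8 (deflate), CINFO <= 7,
    # and the 16-bit header must be a multiple of 31 (RFC 1950).
    if len(payload) >= 2:
        cmf, flg = payload[0], payload[1]
        if cmf & 0x0F == 8 and cmf >> 4 <= 7 and (cmf * 256 + flg) % 31 == 0:
            return "zlib"
    return None

def entropy(payload: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not payload:
        return 0.0
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())

def triage(payload: bytes) -> dict:
    """Summarise signature, entropy and share of printable ASCII bytes."""
    printable = sum(32 <= b < 127 for b in payload) / max(len(payload), 1)
    return {"signature": signature(payload),
            "entropy": round(entropy(payload), 2),
            "printable": round(printable, 2)}

if __name__ == "__main__":
    # Constructed samples, not taken from packet_sample.pcapng.
    text = b"5=IBM|8=521|9=100|" * 20  # made-up TOKEN=DATA records
    samples = {"plain tokens": text,
               "zlib of tokens": zlib.compress(text),
               "bytes 153,121 + filler": bytes([153, 121]) + bytes(range(64))}
    for label, data in samples.items():
        print(label, triage(data))
```

Run it over the reassembled TCP payload bytes exported from the capture; the bytes 153, 121 (0x99 0x79) match none of the signatures checked here, so entropy and the printable share are the more useful indicators for this feed.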