Hi,
> I'm a Spanish student of engineering in telecomunications (
> http://epsc.upc.edu/en/ ). I'm working with X.400, we are doing traffic
> captures with Wireshark, and we can't see all the information of the sent
> data. I'm attaching you the capture, to show you the problem. Here (in
> wireshark) it puts that if we need further information we can contact you,
> so that's what we are doing.
The OID (2.6.0.2.11) is the bind/unbind abstract syntax used by the
P3 protocol - see
http://www.itu.int/ITU-T/asn1/database/itu-t/x/x419/1999/MTSAccessProtocol.html#MTSAccessProtocol.mts-bind-unbind-abstract-syntax
By itself, this isn't enough information to determine whether it is
P3(88) or P3(94).
I would suspect 88 - but it would be useful if you could confirm (or
send a capture file).
> I also have another question. I want to know if I can decodify with
> wireshark the protocols P1 P3 and P7, used in X.400.
P1 and P7 are supported in Wireshark, but P3 is not currently supported.
However,
* P7 already uses the P3 submission operation,
* delivery operations are similar to submission operations;
* and P1 has similar bind operations
so it would not be too difficult to add - especially, as Stig notes,
with an example capture file.
Graeme