How to Analyze Network Protocols, Learn More >>

Being able to support more than 300 protocols in the latest version, Capsa Network Sniffer make it easy to analyze protocols in network and understand what is happening.

Recommend Network Analysis Software >>


RFC 2114 http://tools.ietf.org/html/rfc2114

The (DLSw) Data Link Switching Client Access Protocol is used between workstations and routers to transport SNA/NetBIOS traffic over TCP sessions.

Since the Data Link Switching Protocol, RFC 1795, was published, some software vendors have begun implementing DLSw on workstations. The implementation of DLSw on a large number of workstations raises the important issues of scalability and efficiency. Since DLSw is a switch-to-switch protocol, it is not efficient when implemented on workstations. DCAP addresses these issues. It introduces a hierarchical structure to resolve the scalability problems. All workstations are clients to the router (server) rather than peers to the router. This creates a client/server model. It also provides a more efficient protocol between the workstation (client) and the router (server).

(Application layer)

DCAP Packet Header

The DCAP packet header is used to identify the message type and length of the frame. This is a general purpose header used for each frame that is passed between the DCAP server and the clien

8 16
Protocol ID/Version Number Message Type
Packet Length
 
DCAP Header Format 
 

Protocol ID
The Protocol ID uses the first 4 bits of this field and is set to 1000.

Version number
The Version number uses the next 4 bits in this field and is set to 0001.

Message type
The message type is the DCAP message type.

The following message types exist:

DCAP Frame Name  

Code 

Function 

CAN U REACH 0x01 Find if the station given is reachable
I CAN REACH 0x02 Positive response to CAN U REACH
I CANNOT REACH 0x03 Negative response to CAN U REACH
START DL 0x04 Setup session for given addresses
DL STARTED 0x05 Session started
START DL FAILED 0x06 Session Start failed
XID FRAME 0x07 XID frame
CONTACT STN 0x08 Contact destination to establish SABME
STN CONTACTED 0x09 Station contacted - SABME mode set
DATA FRAME 0x0A Connectionless Data Frame for a link
INFO FRAME 0x0B Connection oriented I-Frame
HALT DL 0x0C Halt Data Link session
HALT DL NOACK 0x0D Halt Data Link session without ack
DL HALTED 0x0E Session halted
FCM FRAME 0x0F Data Link Session Flow Control Message
DGRM FRAME 0x11 Connectionless Datagram Frame for circuit
CAP XCHANGE 0x12 Capabilities Exchange Message
CLOSE PEER REQUEST 0x13 Disconnect Peer Connection Request
CLOSE PEER RESPONSE 0x14 Disconnect Peer Connection Response
PEER TEST REQ 0x1D Peer keepalive test request
PEER TEST RSP 0x1E Peer keepalive response

Packet length
The total packet length is the length of the packet including the DCAP header, DCAP data and user data. The minimum size of the packet is 4, which is the length of the header.

Vulnerabilities for this protocol (from CVE)

CVE ID Protocol Source Port Targetport

TCP/IP Protocols:

AHARP/RARPATMPBGP-4COPSDCAPDHCPDNS
DVMRPEGPEIGRPESPFANPFingerFTPHSRP
HTTPICMPICMPv6IGMPIGRPIMAP4IPIPDC
IPv6ISAKMPL2FL2TPLDAPMARSMobile IPNARP
NetBIOS/IPNHRPNTPOSPFPIMPOP3PPTPRadius
RIP2RIPng for IPv6RLOGINRSVPRTSPRUDPS-HTTPSCTP
SLPSMTPSNMPSOCKS V5TACACSTALITCPTELNET
TFTPUDPVan JacobsonVRRPWCCPX-WindowXOT