How to Analyze Network Protocols, Learn More >>

Being able to support more than 300 protocols in the latest version, Capsa Network Sniffer make it easy to analyze protocols in network and understand what is happening.

Recommend Network Analysis Software >>


RFC 1013 http://tools.ietf.org/html/rfc1013

The X-Window protocol provides a remote windowing interface to distributed network applications. It is an application layer protocol which uses TCP/IP or DECnet protocols for transport.

The X-Window networking protocol is client-server based, where the server is the control program running on the user workstation and the client is an application running elsewhere on the network. An X-server control program running on a workstation can simultaneously handle display windows for multiple applications, with each application asynchronously updating its window with information carried by the X-Window networking protocol.

To provide user interaction with remote applications, the X-server program running on the workstation generates events in response to user input such as mouse movement or a keystroke. When multiple applications display, the system sends mouse movements or click events to the application currently highlighted by the mouse pointer. The current input focus selects which application receives keystroke events. In certain cases, applications can also generate events directed at the X-server control program.

Request and Reply Frames

Request and reply frames can use the following commands:

Command Description
BackRGB Background colors listed in red, green and blue components.
BackPM Pixel map used for the window background.
BellPitch Bell pitch.
BellVol Bell volume in percent.
BM Bit mask assigned to a drawable item.
BordPM Border pixel map. Pixel map used for the window border.
b Border width of the drawable item.
Click Key click volume in percent.
Ord Click order. Drawable clip order, as <Unsorted>, <Y-sorted>, <YX-sorted> or <YX-banded>.
CMap Color map. Code representing the colors in use for a drawable.
CID Context ID. Identifier for a particular graphics context.
Cur Cursor. Reference code identifying a specific cursor.
d Depth. Current window depth.
DD Destination drawable. Target item in a bitmap copy.
D Drawable. Reference code used to identify a specific window or pixel map.
Exp Exposures. Drawable currently exposed.
Fam Protocol family in use, as Internet, DECnet, or CHAOSnet.
Font Reference code used to specify a font.
Font(a,d) Font ascent/descent. The vertical bounds of a font.
ForeRGB Foreground colors listed in red, green, and blue components.
Fmt Format of the current window.
GC Graphics context. Reference code used to identify a particular graphical definition.
h Height of the drawable item.
Key Key code. Specific key code value.
KeySym Code used to identify the family of key codes in use.
MinOp X-Windows minor operation code.
MajOp X-Windows major operation code.
N Number of drawable items in the list.
P Parent window. Window that produced the current window.
PixMap Pixel map. Reference code used to identify a bitmap region.
p Plane. Bit plane in use.
PM Plane max. Bit plane mask assigned to a drawable item.
Prop Property. Specified window property.
SW Sibling window. Window produced from this window.
SD Source drawable. Source item in a bitmap copy.
T/O Screen saver time out.
Typ Type of current window.
w Width of drawable item.
W Window. Reference code used to identify a particular window.
X X-coordinate for a drawable item.
Y Y-coordinate for a drawable item.

Event Frames

Event frames can have the following commands:

Command Description
Btn Button number pressed.
C Child window associated with the event.
F Event flags. Set flags display in upper-case and inactive flags display in lower-case:
f,F Input focus applies to the event.
s,S Event is on the same screen. 
E(x,y) Event location. The X and Y coordinates of the event.
E Event window. Window where the event occurred.
Key Key number. Number associated with the pressed key.
O Owner of the window associated with the event.
R Root window associated with the event.
R(x,y) Root location. X and Y coordinates of the root position.
SN Sequence number used to serialize events.

Vulnerabilities for this protocol (from CVE)

CVE ID Protocol Source Port Targetport

TCP/IP Protocols:

AHARP/RARPATMPBGP-4COPSDCAPDHCPDNS
DVMRPEGPEIGRPESPFANPFingerFTPHSRP
HTTPICMPICMPv6IGMPIGRPIMAP4IPIPDC
IPv6ISAKMPL2FL2TPLDAPMARSMobile IPNARP
NetBIOS/IPNHRPNTPOSPFPIMPOP3PPTPRadius
RIP2RIPng for IPv6RLOGINRSVPRTSPRUDPS-HTTPSCTP
SLPSMTPSNMPSOCKS V5TACACSTALITCPTELNET
TFTPUDPVan JacobsonVRRPWCCPX-WindowXOT