|
|
# X.400 Message Transfer Service (x411)
|
|
|
|
|
|
The X.400 Message Transfer Service provides for the exchange of messages between users on a store-and-forward basis. A message (see [X420](/X420)) submitted by one user (the originator) is transferred through the message transfer system (MTS) and delivered to one or more other users (the recipients).
|
|
|
|
|
|
The MTS comprises a number of message-transfer-agents (MTAs), which transfer messages and deliver them to their intended recipients.
|
|
|
|
|
|
X.411 (or ISO 10021-4) is the equivalent of the IETF [SMTP](/SMTP) protocol.
|
|
|
|
|
|
## History
|
|
|
|
|
|
X.400 was first jointly defined by CCITT and ISO in 1984 and subsequently refined in 1988. Whilst there have been subsequent revisions, the X.400(88) version remains the baseline for most systems. The latest version of X.411 is 1999.
|
|
|
|
|
|
Whilst it was designed to be the world's messaging system, designed by the world's PTTs, the IETF standards now dominate. However X.400 is still used within some environments such as military, aviation and banking.
|
|
|
|
|
|
## Protocol dependencies
|
|
|
|
|
|
- [ROS](/ROS): Typically, X.411 uses [ROS](/ROS) during connection establishment (abstract syntax [2.6.0.2.12](http://oid.elibel.tm.fr/2.6.0.2.12)).
|
|
|
|
|
|
- [RTSE](/RTSE): Typically, X.411 uses [RTSE](/RTSE) during connection establishment (abstract syntax [2.6.0.2.12](http://oid.elibel.tm.fr/2.6.0.2.12)) and message transfer (abstract syntax [2.6.0.2.7](http://oid.elibel.tm.fr/2.6.0.2.7)).
|
|
|
|
|
|
- [ACSE](/ACSE): Typically, X.411 uses [ACSE](/ACSE) for association control (association context [2.6.0.1.6](http://oid.elibel.tm.fr/2.6.0.1.6))
|
|
|
|
|
|
- [COTP](/COTP): Typically, X.411 uses [COTP](/COTP) as its transport protocol. The well known TCP port for X.411 traffic is 102.
|
|
|
|
|
|
## Example traffic
|
|
|
|
|
|
XXX - Add example traffic here (as plain text or Wireshark screenshot).
|
|
|
|
|
|
## Wireshark
|
|
|
|
|
|
The X411 dissector is fully functional but will benefit from some additional "summary" displays of some of the fields. For example, it would be useful to display a string representation of the X.400 addresses, rather than having to examine each individual component.
|
|
|
|
|
|
## Preference Settings
|
|
|
|
|
|
There are no preference settings specific to X411 but you might want to enable reassembly of those transport protocols that are used below X411. Specifically, COTP reassembly.
|
|
|
|
|
|
## Example capture file
|
|
|
|
|
|
- [SampleCaptures/p772-transfer-success.pcap](uploads/__moin_import__/attachments/SampleCaptures/p772-transfer-success.pcap)
|
|
|
|
|
|
## Display Filter
|
|
|
|
|
|
A complete list of PROTO display filter fields can be found in the [display filter reference](http://www.wireshark.org/docs/dfref/x/x411.html)
|
|
|
|
|
|
Show only the X411 based traffic:
|
|
|
|
|
|
```
|
|
|
x411
|
|
|
```
|
|
|
|
|
|
## Capture Filter
|
|
|
|
|
|
Capture only the X411 traffic over the default port (102):
|
|
|
|
|
|
```
|
|
|
tcp port 102
|
|
|
```
|
|
|
|
|
|
## External links
|
|
|
|
|
|
- [ASN.1 Specification from ITU](http://www.itu.int/ITU-T/asn1/database/itu-t/x/x411/1999/index.html)
|
|
|
|
|
|
## Discussion
|
|
|
|
|
|
---
|
|
|
|
|
|
Imported from https://wiki.wireshark.org/X411 on 2020-08-11 23:27:47 UTC |