STANAG 4406 Military Messaging (s4406)

The STANAG 4406 Military Messaging is similar to the IPM Service defined in the civilian standards, X420. It includes extensions for services required in the military environment. These extensions are defined using the standard extension mechanism defined in X.420.

STANAG 4406 defines a new extended content type known as "P772" -

STANAG 4406 also utilises the Cryptographic Message Syntax CMS and the Enhanced Security Service ESS to define the Protecting Content Type (1.2.840.113549. support secure military messaging.


STANAG 4406 has gone through a number of versions but the current ratified version is Edition 1 (previously known as version 3).

Protocol dependencies

  • X411: Typically, S4406 uses X411 as its transport protocol.

  • X420: S4406 uses the base definition X420 and its extension mechanisms

  • CMS and ESS: S4406 uses CMS and ESS to sign and label a military message.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).


The S4406 dissector is fully functional, though some features may not yet have been implemented in the X420 dissector.

Preference Settings

There are no preference settings specific to X420 but you might want to enable reassembly of those transport protocols that are used below X420. Specifically, COTP reassembly.

Example capture file

Display Filter

A complete list of S4406 display filter fields can be found in the display filter reference

Show only the S4406 based traffic:


Capture Filter

You cannot directly filter S4406 protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.

Capture only the S4406 traffic over the default port (102):

 tcp port 102 

External links


Imported from on 2020-08-11 23:24:17 UTC