STANAG 4406 Military Messaging (s4406)
The STANAG 4406 Military Messaging is similar to the IPM Service defined in the civilian standards, X420. It includes extensions for services required in the military environment. These extensions are defined using the standard extension mechanism defined in X.420.
STANAG 4406 defines a new extended content type known as "P772" - 220.127.116.11.4406.0.4.1.
STANAG 4406 also utilises the Cryptographic Message Syntax CMS and the Enhanced Security Service ESS to define the Protecting Content Type (1.2.840.113518.104.22.168.1.6) support secure military messaging.
STANAG 4406 has gone through a number of versions but the current ratified version is Edition 1 (previously known as version 3).
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The S4406 dissector is fully functional, though some features may not yet have been implemented in the X420 dissector.
There are no preference settings specific to X420 but you might want to enable reassembly of those transport protocols that are used below X420. Specifically, COTP reassembly.
Example capture file
A complete list of S4406 display filter fields can be found in the display filter reference
Show only the S4406 based traffic:
You cannot directly filter S4406 protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.
Capture only the S4406 traffic over the default port (102):
tcp port 102
STANAG 4406 Ed 1 (Log-in required)