This wiki has been migrated to and is now deprecated. Please use that site instead.

STANAG 4406 Military Messaging (s4406)

The STANAG 4406 Military Messaging is similar to the IPM Service defined in the civilian standards, X420. It includes extensions for services required in the military environment. These extensions are defined using the standard extension mechanism defined in X.420.

STANAG 4406 defines a new extended content type known as "P772" -

STANAG 4406 also utilises the Cryptographic Message Syntax CMS and the Enhanced Security Service ESS to define the Protecting Content Type (1.2.840.113549. support secure military messaging.


STANAG 4406 has gone through a number of versions but the current ratified version is Edition 1 (previously known as version 3).

Protocol dependencies

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).


The S4406 dissector is fully functional, though some features may not yet have been implemented in the X420 dissector.

Preference Settings

There are no preference settings specific to X420 but you might want to enable reassembly of those transport protocols that are used below X420. Specifically, COTP reassembly.

Example capture file

Display Filter

A complete list of S4406 display filter fields can be found in the display filter reference

Capture Filter

You cannot directly filter S4406 protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.


S4406 (last edited 2008-04-12 17:51:25 by localhost)