X.400 Message Transfer Service (x411)

The X.400 Message Transfer Service provides for the exchange of messages between users on a store-and-forward basis. A message (see X420) submitted by one user (the originator) is transferred through the message transfer system (MTS) and delivered to one or more other users (the recipients).

The MTS comprises a number of message-transfer-agents (MTAs), which transfer messages and deliver them to their intended recipients.

X.411 (or ISO 10021-4) is the equivalent of the IETF SMTP protocol.


X.400 was first jointly defined by CCITT and ISO in 1984 and subsequently refined in 1988. Whilst there have been subsequent revisions, the X.400(88) version remains the baseline for most systems. The latest version of X.411 is 1999.

Whilst it was designed to be the world's messaging system, designed by the world's PTTs, the IETF standards now dominate. However X.400 is still used within some environments such as military, aviation and banking.

Protocol dependencies

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).


The X411 dissector is fully functional but will benefit from some additional "summary" displays of some of the fields. For example, it would be useful to display a string representation of the X.400 addresses, rather than having to examine each individual component.

Preference Settings

There are no preference settings specific to X411 but you might want to enable reassembly of those transport protocols that are used below X411. Specifically, COTP reassembly.

Example capture file

Display Filter

A complete list of PROTO display filter fields can be found in the display filter reference

Show only the X411 based traffic:


Capture Filter

Capture only the X411 traffic over the default port (102):

 tcp port 102

External links


Imported from https://wiki.wireshark.org/X411 on 2020-08-11 23:27:47 UTC