Differences between revisions 4 and 5
Revision 4 as of 2007-01-28 11:18:35
Size: 2867
Editor: 535424F6
Comment: Correct filter reference
Revision 5 as of 2008-04-12 17:50:21
Size: 2883
Editor: localhost
Comment: converted to 1.6 markup
Line 4: Line 4:
The X.400 Message Transfer Service provides for the exchange of messages between users on a store-and-forward basis. A message (see ["X420"]) submitted by one user (the originator) is transferred through the message transfer system (MTS) and delivered to one or more other users (the recipients). The X.400 Message Transfer Service provides for the exchange of messages between users on a store-and-forward basis. A message (see [[X420]]) submitted by one user (the originator) is transferred through the message transfer system (MTS) and delivered to one or more other users (the recipients).
Line 8: Line 8:
X.411 (or ISO 10021-4) is the equivalent of the IETF ["SMTP"] protocol. X.411 (or ISO 10021-4) is the equivalent of the IETF [[SMTP]] protocol.
Line 18: Line 18:
 * ["ROS"]: Typically, X.411 uses ["ROS"] during connection establishment (abstract syntax [http://oid.elibel.tm.fr/2.6.0.2.12 2.6.0.2.12]).
 * ["RTSE"]: Typically, X.411 uses ["RTSE"] during connection establishment (abstract syntax [http://oid.elibel.tm.fr/2.6.0.2.12 2.6.0.2.12]) and message transfer (abstract syntax [http://oid.elibel.tm.fr/2.6.0.2.7 2.6.0.2.7]).
 * ["ACSE"]: Typically, X.411 uses ["ACSE"] for association control (association context [http://oid.elibel.tm.fr/2.6.0.1.6 2.6.0.1.6])
 * ["COTP"]: Typically, X.411 uses ["COTP"] as its transport protocol. The well known TCP port for X.411 traffic is 102.
 * [[ROS]]: Typically, X.411 uses [[ROS]] during connection establishment (abstract syntax [[http://oid.elibel.tm.fr/2.6.0.2.12|2.6.0.2.12]]).
 * [[RTSE]]: Typically, X.411 uses [[RTSE]] during connection establishment (abstract syntax [[http://oid.elibel.tm.fr/2.6.0.2.12|2.6.0.2.12]]) and message transfer (abstract syntax [[http://oid.elibel.tm.fr/2.6.0.2.7|2.6.0.2.7]]).
 * [[ACSE]]: Typically, X.411 uses [[ACSE]] for association control (association context [[http://oid.elibel.tm.fr/2.6.0.1.6|2.6.0.1.6]])
 * [[COTP]]: Typically, X.411 uses [[COTP]] as its transport protocol. The well known TCP port for X.411 traffic is 102.
Line 37: Line 37:
 * attachment:SampleCaptures/p772-transfer-success.pcap  * [[attachment:SampleCaptures/p772-transfer-success.pcap]]
Line 40: Line 40:
A complete list of PROTO display filter fields can be found in the [http://www.wireshark.org/docs/dfref/x/x411.html display filter reference] A complete list of PROTO display filter fields can be found in the [[http://www.wireshark.org/docs/dfref/x/x411.html|display filter reference]]
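Review bot: the sentence on both sides of this hunk still reads "A complete list of PROTO display filter fields", so the template placeholder "PROTO" survives the markup conversion. Replace it with X411, which matches the x411.html page the link points to, and end the sentence with a full stop.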
Line 52: Line 52:
 * [http://www.itu.int/ITU-T/asn1/database/itu-t/x/x411/1999/index.html ASN.1 Specification from ITU]  * [[http://www.itu.int/ITU-T/asn1/database/itu-t/x/x411/1999/index.html|ASN.1 Specification from ITU]]

X.400 Message Transfer Service (x411)

The X.400 Message Transfer Service provides for the exchange of messages between users on a store-and-forward basis. A message (see X420) submitted by one user (the originator) is transferred through the message transfer system (MTS) and delivered to one or more other users (the recipients).

The MTS comprises a number of message-transfer-agents (MTAs), which transfer messages and deliver them to their intended recipients.

X.411 (or ISO 10021-4) is the equivalent of the IETF SMTP protocol.

History

X.400 was first jointly defined by CCITT and ISO in 1984 and subsequently refined in 1988. Whilst there have been subsequent revisions, the X.400(88) version remains the baseline for most systems. The latest version of X.411 is 1999.

Although X.400 was designed by the world's PTTs to be the world's messaging system, the IETF standards now dominate. However, X.400 is still used within some environments such as military, aviation and banking.

Protocol dependencies

  • ROS: Typically, X.411 uses ROS during connection establishment (abstract syntax 2.6.0.2.12).

  • RTSE: Typically, X.411 uses RTSE during connection establishment (abstract syntax 2.6.0.2.12) and message transfer (abstract syntax 2.6.0.2.7).

  • ACSE: Typically, X.411 uses ACSE for association control (association context 2.6.0.1.6).

  • COTP: Typically, X.411 uses COTP as its transport protocol. The well known TCP port for X.411 traffic is 102.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The X411 dissector is fully functional but will benefit from some additional "summary" displays of some of the fields. For example, it would be useful to display a string representation of the X.400 addresses, rather than having to examine each individual component.

Preference Settings

There are no preference settings specific to X411, but you might want to enable reassembly in the transport protocols used below X411, specifically COTP reassembly.
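What COTP reassembly has to do before an X411 message can be decoded, as an added example (not Wireshark's dissector code): it walks one TCP port 102 byte stream and joins segmented Data TPDUs until the end-of-TSDU bit is set. It assumes RFC 1006 TPKT framing and class 0 COTP; the function names are hypothetical and the payload bytes are constructed placeholders, not real X.411 PDUs.

```python
import struct

COTP_DT = 0xF0  # class 0 Data TPDU code (assumption: class 0 over RFC 1006)

def tpkt_frames(stream: bytes):
    """Yield the COTP TPDU inside each TPKT frame of one TCP byte stream."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 4:
            raise ValueError("truncated TPKT header")
        version, _, length = struct.unpack_from("!BBH", stream, pos)
        # TPKT length counts its own 4-byte header; a TPDU needs >= 2 bytes.
        if version != 3 or length < 6 or pos + length > len(stream):
            raise ValueError(f"bad TPKT frame at offset {pos}")
        yield stream[pos + 4 : pos + length]
        pos += length

def reassemble_tsdus(stream: bytes):
    """Return (complete TSDUs, leftover bytes of an unfinished TSDU)."""
    tsdus, pending = [], bytearray()
    for tpdu in tpkt_frames(stream):
        li, code = tpdu[0], tpdu[1]  # length indicator, TPDU code
        if code != COTP_DT:
            continue  # CR/CC/DR and others carry no upper-layer data here
        if li < 2 or li + 1 > len(tpdu):
            raise ValueError("malformed DT TPDU header")
        pending += tpdu[li + 1 :]      # user data follows the header
        if tpdu[2] & 0x80:             # EOT bit: last TPDU of this TSDU
            tsdus.append(bytes(pending))
            pending.clear()
    return tsdus, bytes(pending)

def dt_frame(payload: bytes, eot: bool) -> bytes:
    """Build one constructed TPKT + class 0 DT frame (sample data only)."""
    cotp = bytes([2, COTP_DT, 0x80 if eot else 0x00]) + payload
    return struct.pack("!BBH", 3, 0, 4 + len(cotp)) + cotp

# Constructed sample: one payload split over two DT TPDUs, then a whole one.
SAMPLE = (dt_frame(b"first-half|", False) + dt_frame(b"second-half", True)
          + dt_frame(b"unsegmented", True))

if __name__ == "__main__":
    for tsdu in reassemble_tsdus(SAMPLE)[0]:
        print(len(tsdu), tsdu)
```

Without this step the upper layers see only the first fragment of a segmented message, which is why a large X411 transfer can appear undecoded when COTP reassembly is off.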

Example capture file

  • SampleCaptures/p772-transfer-success.pcap

Display Filter

A complete list of X411 display filter fields can be found in the display filter reference.

  • Show only the X411 based traffic:

     x411

Capture Filter

  • Capture only the X411 traffic over the default port (102):

     tcp port 102

Discussion

X411 (last edited 2008-04-12 17:50:21 by localhost)