The X.420 protocol describes the content of a message that is transferred of an X.400 Message Transfer System. It is one of a number of the defined content types that can be carried over X.400, which includes S4406 and EDI.
It is equivalent to the IETF Internet Message Format (IMF) and Multipurpose Internet Mail Extensions (MIME).
There have been two major versions of the X.420 protocol, one in 1984 and one in 1988. The 1988 version introduced support for X.500 directory names and general purpose extension mechanisms.
The 1984 version of an interpersonal message is identified as "P2", whilst the 1988 and subsequent versions are identified as "P22".
CMS: X.420 may also be found the encapsulatedData of a CMS content
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The X.420 dissector is mostly functional, though some of the heading extensions and extended bodypart types have yet to be supported.
There are no preference settings specific to X.420 but you might want to enable reassembly of those transport protocols that are used below X.420. Specifically, COTP reassembly.
- SampleCaptures/p772-transfer-success.pcap (Note this is actually S4406 but S4406 only provides extensions to X.420.)
A complete list of X.420 display filter fields can be found in the display filter reference
Show only the X.420 based traffic:
You cannot directly filter X.420 protocols while capturing. However, if you know the TCP port used (see above), you can filter on that one.
Capture only the X.420 traffic over the default port (102):
tcp port 102
Imported from https://wiki.wireshark.org/X420 on 2020-08-11 23:27:49 UTC