I had the sneaking feeling the "M" could also stand for "Military". :-) (The "United States" in the specification name suggested it, as I suspect few other parts of the US government would want their own standard.)

According to the USMTF Wikipedia page, it "is a Military Standard collection of information exchanges, currently defined in W3C XML Schema, which seeks to improve the interoperability of Joint military systems."

It's published as MIL-STD-6040 (and apparently it may also be a NATO standard, so other NATO countries may have their own versions). It doesn't appear to be easily available to non-military personnel.

It appears to be an XML-based text format, so it was presumably developed after the MIME specifications came out. If it's implemented atop the RFC 5322 Internet Message standard, plus the RFC 2045, RFC 2046, RFC 2047, RFC 2048, and RFC 2049 MIME specifications, with a particular media type being assigned to USMTF messages, then you could register a dissector in the "media_type" dissector table, with the media-type string value as the key.

If it's not encoded using the Internet Message Format + MIME, but there is some extension to SMTP that's used to negotiate USMTF, we'd have to add a mechanism to support that mechanism.

If there's no such extension, we'd have to add support for "heuristic" dissectors to look at message bodies and dissect them if they look like messages for that type; there is no such mechanism currently available in Wireshark.
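
The first case described in the answer above (a dissector registered in the "media_type" table, keyed by media-type string) can be sketched as a Wireshark Lua script. This is an added example, not part of the original answer and not Wireshark's own code; the media type `application/x-usmtf-example` and the `usmtf_example` protocol name are hypothetical placeholders, and handing the body to the XML dissector assumes the body really is XML.

```lua
-- Added example: Wireshark Lua dissector registered by media type.
-- ASSUMPTION: this media-type string is a made-up placeholder. The page does
-- not say which media type, if any, is assigned to USMTF messages.
local USMTF_MEDIA_TYPE = "application/x-usmtf-example"

-- Hypothetical protocol and field names, used only for this illustration.
local usmtf = Proto("usmtf_example", "USMTF message body (example)")
local f_len = ProtoField.uint32("usmtf_example.length", "Body length", base.DEC)
usmtf.fields = { f_len }

-- ASSUMPTION: the body is XML, so reuse Wireshark's built-in XML dissector
-- rather than parsing the text here.
local xml_dissector = Dissector.get("xml")

function usmtf.dissector(tvb, pinfo, tree)
    local len = tvb:len()
    if len == 0 then
        return 0  -- empty MIME part: report nothing dissected
    end

    pinfo.cols.protocol:set("USMTF")

    -- One subtree per MIME part that carried the registered media type.
    local subtree = tree:add(usmtf, tvb(), "USMTF message body (example)")
    subtree:add(f_len, len):set_generated()

    -- Show the XML structure underneath the subtree when the XML
    -- dissector is available in this build.
    if xml_dissector then
        xml_dissector:call(tvb, pinfo, subtree)
    end
    return len
end

-- "media_type" is a string-keyed dissector table: dissectors that decode
-- MIME content look up the Content-Type value here and pass the part's
-- body to the registered dissector.
DissectorTable.get("media_type"):add(USMTF_MEDIA_TYPE, usmtf)
```

Loaded as a Lua plugin, this only fires when a message part's Content-Type matches the registered string; it does not cover the SMTP-extension or heuristic cases the answer describes.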