|
Right click a
packet in the correct TCP conversation, select "Follow TCP Stream" and then
"Save As" the resulting text to a file. Then use another package to search for
the text you want. (Anything from a text editor to a perl script depending on
what you want to use it for.)
There is not
likely to be any way to do this within Ethereal, because the text that you are
looking for may be split across packets. Even if it isn't, it will be in a
random position within the packet.
--
Richard Urwin, Software Design
Engineer
Schenck Test Automation
Braemar Court, 1311b Melton Road, Syston, UK.
rurwin@xxxxxxxxxxxxx
Can anyone recommend a way, perhaps with filters, to
obtain mime attachment
information from smtp packets? I am particularly interested in
getting the
filenames from the 'Content-Disposition: attachment;
filename="tempfile.xls" '
section of a mime email.
Just getting all the the smtp.req packets with tethereal
and parsing through them
using an external script is difficult since due to the hard to
predict line breaks.
Thanks for any suggestions
Paul
This message has been 'sanitized'. This means that potentially
dangerous content has been rewritten or removed. The following log
describes which actions were taken.
Sanitizer (start="1017775297"):
Part (pos="1047"):
SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
Match (rule="2"):
Enforced policy: accept
Part (pos="1637"):
SanitizeFile (filename="unnamed.html", mimetype="text/html"):
Match (rule="default"):
Enforced policy: accept
Rewrote HTML tag: >>_META http-equiv=Content-Type content="text/html; charset=iso-8859-1"_<<
as: >>_MANGLED_ON_PURPOSE_META http-equiv=Content-Type content="text/html; charset=iso-8859-1"_<<
Rewrote HTML tag: >>_META content="MSHTML 5.50.4912.300" name=GENERATOR_<<
as: >>_MANGLED_ON_PURPOSE_META content="MSHTML 5.50.4912.300" name=GENERATOR_<<
Rewrote HTML tag: >>_BODY style="MARGIN-TOP: 2px; FONT: 8pt MS Sans Serif; MARGIN-LEFT: 2px"_<<
as: >>_BODY MANGLED_ON_PURPOSE_style="MARGIN-TOP: 2px; FONT: 8pt MS Sans Serif; MARGIN-LEFT: 2px"_<<
Total modifications so far: 3
Anomy 0.0.0 : Sanitizer.pm $Id: Sanitizer.pm,v 1.32 2001/10/11
19:27:15 bre Exp $
|
________________________________________________________________________
This
email has been scanned for all viruses by the MessageLabs SkyScan
service.
For more information on a proactive anti-virus service working
around the
clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________
| This message has been 'sanitized'. This means that potentially
dangerous content has been rewritten or removed. The following
log describes which actions were taken.
Sanitizer (start="1017819500"):
Part (pos="1342"):
SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
Match (rule="2"):
Enforced policy: accept
Part (pos="4700"):
SanitizeFile (filename="unnamed.html", mimetype="text/html"):
Match (rule="default"):
Enforced policy: accept
Rewrote HTML tag: >>_META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"_<<
as: >>_MANGLED_ON_PURPOSE_META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"_<<
Rewrote HTML tag: >>_META content="MSHTML 6.00.2713.1100" name=GENERATOR_<<
as: >>_MANGLED_ON_PURPOSE_META content="MSHTML 6.00.2713.1100" name=GENERATOR_<<
Total modifications so far: 2
Anomy 0.0.0 : Sanitizer.pm
$Id: Sanitizer.pm,v 1.32 2001/10/11 19:27:15 bre Exp $
|
________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs SkyScan
service. For more information on a proactive anti-virus service working
around the clock, around the globe, visit http://www.messagelabs.com
________________________________________________________________________
|
