Wireshark · Wireshark-users: [Wireshark-users] Using tshark to extract message body from smtp port

Wireshark-users: [Wireshark-users] Using tshark to extract message body from smtp port

From: "Mark Sass" <thesassman@xxxxxxxxxxx>

Date: Thu, 27 Mar 2008 21:32:08 -0500

All,

I simplified this email from the last post, but basically, I want to extract all message bodies from network traffic using tshark at the command prompt. We are doing this for all email originating within our network but not using our mail servers. I see all the available fields in the protocol reference guide, but I don't see one for the message body itself. When I look at the PDML, I see the field =="", so I don't see how to do this using using the -Tfields option. Anyone help with this? I also want to sniff the DNS traffic for hosts that are resolved which has the same issue.

Thanks,

Mark

Prev by Date: Re: [Wireshark-users] Learning to setup WS to see TCP and HTTP
Next by Date: Re: [Wireshark-users] Wireshark-users_Digest,_Vol_22,_Issue_75
Previous by thread: Re: [Wireshark-users] Using tshark to extract empty fields from pcap files
Next by thread: Re: [Wireshark-users] Wireshark-users_Digest,_Vol_22,_Issue_75
Index(es):
- Date
- Thread