|
Ethereal[Ethereal-users] help with granular filtering / looking inside of SMTP packets |
|
||
|
|
Ethereal[Ethereal-users] help with granular filtering / looking inside of SMTP packets |
|
||
Hello, I am interested in seeing if tethereal is able to granularly filter different parts of an SMTP conversation. For instance, from reading the man pages I have been able to get the application to show me the SMTP request traffic successfully using the read filter -R smtp.req. However, I am really mainly interested in just capturing a subset of those packets such as the parts of the initial conversation including the MAIL FROM and RCPT TO pieces. I want to filter out all of the message body components because this data will then be fed into a script for analysis purposes and the bodies are not relevant here. I have scoured the man pages of ethereal and tcpdump and it seems that if this is possible that it might be by using some sort of notation such as smtp.req [x:y] == but it is not clear to me how that should work exactly. The SMTP fields that tethereal can filter on are of a Boolean format, so I'm not sure I can even filter on information within an SMTP packet at all. If someone could please shed some light on this for me I would really appreciate it. Also, I am not currently a member of this list so it would be very nice if you could please reply directly to me as well as to the list. Thanks very much for any help that comes my way. - Dave __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com
Powered by MHonArc 2.6.10