Ethereal

Re: [Ethereal-users] display filter for pop3?
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: March 2006

 

On Mon, Mar 06, 2006 at 11:07:14AM +0100, Agryppa wrote:
> Dnia poniedzia??ek, 6 marca 2006 10:57, Guy Harris napisa??:
> 
> > That will find a *single TCP segment* that has POP traffic where the POP
> > traffic has both "USER" and "RETR".
> >
> > Is that what you're trying to find?
> Well, my intention is mimick what I achieved in smtp traffic:
> 
> "smtp contains FROM or smtp contains RCPT"
> 
> This way I can see from what address to what address the mail is sent and I 
> can use Follow TCP Stream to monitor the entire conversation.
> Can that be done for POP?

How'bout "pop contains USER or pop contains RETR", that will show you all
packets with usernames and all packets with a RETR command in them. A little
searching and "follow-tcp-streams" might just get you what you are
looking for :)


Cheers,  Sake

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.