Ethereal

Re: [Ethereal-users] captured smtp packets in readable format?

Ethereal-users: March 2006


Agryppa wrote:

How do people go about decoding smtp packets in order to present them in readable format if their original format is different than ascii 7bit? I mean my captured data start like this:
============
This is a multi-part message in MIME format.
------=_NextPart_000_0009_01C63FAE.147502F0
Content-Type: text/plain; .charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
=============


Hence the text I see in the "Follow Tcp Stream" is not easily readable. Can ethereal convert from ascii 7 bit into iso-8859-2 on the fly?

What I think you mean is "can Ethereal convert from quoted-printable encoding of a character set to a more raw encoding of the character set"; the answer is currently "no".


This is complicated by the fact that the *display* character encoding used by GTK+ is, I think, font-dependent in GTK+ 1.2[.x] (making it difficult to have a GTK+ application explicitly do the right thing), and is UTF-8 in GTK+ 2.x.

I.e., displaying anything other than ASCII is difficult in GTK+ 1.2[.x] (unless somebody knows the magic formula for finding out the character encoding the GTK+ 1.2[.x] API expects), and involves converting from the character encoding from the packet to UTF-8 in GTK+ 2.x.

So, to display that message, Ethereal would first need to reassemble the message in an SMTP DATA command - or perhaps each part of a multi-part message - and then convert each part using the appropriate Content-Transfer-Encodings. Then, it would need to convert from the character encoding to UTF-8 (at least in the GTK+ 2.x version; doing this right might not be possible with GTK+ 1.2[.x]) when showing the packet summary and details.

Printing the packet summary and details, or writing them as text to a file, is trickier, as it'd have to know the right character encoding to use.
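
The steps described in the reply above (reassemble the DATA payload, undo each part's Content-Transfer-Encoding, then convert from the part's charset), done outside Ethereal on bytes saved from a stream. This is an added example, not part of the original message and not Ethereal code; the sample payload and the function names are constructed for illustration.

```python
import email
from email import policy

# Constructed sample (not the poster's capture): client-to-server bytes of one
# SMTP DATA payload after TCP reassembly, reusing the boundary quoted above.
SAMPLE_DATA = (
    b"Subject: test\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: multipart/alternative;\r\n"
    b'\tboundary="----=_NextPart_000_0009_01C63FAE.147502F0"\r\n'
    b"\r\n"
    b"This is a multi-part message in MIME format.\r\n"
    b"\r\n"
    b"------=_NextPart_000_0009_01C63FAE.147502F0\r\n"
    b"Content-Type: text/plain;\r\n"
    b'\tcharset="iso-8859-2"\r\n'
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"\r\n"
    b"Za=BF=F3=B3=E6 g=EA=B6l=B1 ja=BC=F1\r\n"
    b"..koniec\r\n"          # dot-stuffed on the wire; the real line is ".koniec"
    b"------=_NextPart_000_0009_01C63FAE.147502F0--\r\n"
    b".\r\n"                  # end-of-DATA marker
)

def smtp_data_to_message(data: bytes) -> bytes:
    """Undo SMTP transparency (RFC 5321, 4.5.2) and drop the end marker."""
    lines = []
    for line in data.split(b"\r\n"):
        if line == b".":
            break
        lines.append(line[1:] if line.startswith(b".") else line)
    return b"\r\n".join(lines) + b"\r\n"

def decode_text_parts(raw: bytes):
    """Return (content type, charset, Unicode text) for every text/* part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        charset = part.get_content_charset() or "us-ascii"
        octets = part.get_payload(decode=True)   # undo Content-Transfer-Encoding
        text = octets.decode(charset, errors="replace")  # charset -> Unicode
        parts.append((part.get_content_type(), charset, text))
    return parts

if __name__ == "__main__":
    for ctype, charset, text in decode_text_parts(smtp_data_to_message(SAMPLE_DATA)):
        print(ctype, charset, text.encode("utf-8"))
```

The final print emits UTF-8 bytes explicitly, since writing the text to a terminal or file depends on knowing the right output encoding, as the last paragraph of the reply notes.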
