RE: How can I view the packet payload if the packetis SMTP

[Frank Knobbe <fknobbe () knobbeits com>]

On Wed, 2002-12-11 at 10:25, Miller, Eoin wrote:
> Actually its quite possible using ettercap
> (http://ettercap.sourceforge.net) there is a plugin that comes with this
> program by default called H20_dwarf and it logs all pop/smtp activity,
> decoded, to a log file, its pretty sweet, plus it let you do it on a
> switched network.

Yeah, there are several programs out there that log SMTP traffic.
Mailsnarf comes to mind. They all require you to sniff and feed the
program though. 

Or are you saying that Ettercap can read in data from Snort logs? (not
tcpdump).

It shouldn't be too hard to write a shell script that parses the Snort
log file, grabs the hex values out and writes it as ASCII to a file (and
then maybe change the To: header and re-insert it into your MTA of
choice). 

Would be nice having as a plugin though.

Frank

Attachment: signature.asc
Description: This is a digitally signed message part