Re: Retrieving email address from wireshark capture

[M Holt <m.iostreams () gmail com>]

Hi,

It seems that would depend on how you are trying to capture the email
address...
Are you using Wireshark on your desktop, and trying to capture your own
email as it goes out?
Do you have a tap on a switch somewhere that is sniffing all traffic, and
you want to just pull email traffic only?
You could probably start by filtering known email ports - 25, 110, etc.
It really depends on where you are at within your topology, and what kind of
visibility you have to the email traffic passing through.

For example, you won't be able to pull email traffic out of a VPN tunnel by
just having a hub stuck on the network somewhere - does that help?

Mike

On Thu, Oct 15, 2009 at 3:38 AM, Firdous Saleheen <
saleheen.firdous () mango com bd> wrote:

>  Hi,
>
> I am a newbee with wireshark. Does anyone know whether it is possible to
> retrieve email addresses  from a wireshark capture? If possible can anyone
> please let me know the method?
>
>
>
> Thanks in advance.
>
>
>
> Best Regards,
>
> *Firdous Saleheen*
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe