Wireshark mailing list archives
Re: Retrieving email address from a wireshark capture
From: Firdous Saleheen <saleheen.firdous () mango com bd>
Date: Thu, 15 Oct 2009 23:49:47 +0700 (BDST)
Dear Mike, Thanks for your prompt response. Say, I have a router with SPAN port option, hence have the capability to capture a copy of all the traffic running through that router. Now I need to capture the email address in that traffic, its body is not important. Say, someone from the internet write an email from gmail to a user under my network who is also using the gmail address. Is it possible for me to capture the traffic and extract these two gmail addresses with the help of wireshark? If possible, can you please suggest specifically how can I do that with wireshark? Or if you have a better idea can you please share? lots of thanks Best Regards, Saleheen Hi, It seems that would depend on how you are trying to capture the email address... Are you using Wireshark on your desktop, and trying to capture your own email as it goes out? Do you have a tap on a switch somewhere that is sniffing all traffic, and you want to just pull email traffic only? You could probably start by filtering known email ports - 25, 110, etc. It really depends on where you are at within your topology, and what kind of visibility you have to the email traffic passing through. For example, you won't be able to pull email traffic out of a VPN tunnel by just having a hub stuck on the network somewhere - does that help? Mike On Thu, Oct 15, 2009 at 3:38 AM, Firdous Saleheen < saleheen.firdous () mango com bd> wrote: Hi, I am a newbee with wireshark. Does anyone know whether it is possible to retrieve email addresses from a wireshark capture? If possible can anyone please let me know the method? Thanks in advance. Best Regards, *Firdous Saleheen* ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Retrieving email address from a wireshark capture Firdous Saleheen (Oct 15)
- Re: Retrieving email address from a wireshark capture M Holt (Oct 23)