Snort mailing list archives
Re: How can I view the packet payload if the packet is SMTP
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 11 Dec 2002 09:40:38 -0600
On Wed, 2002-12-11 at 00:42, Atul Shrivastava wrote:
I want to know that how can I view the captured packet payload if the packed is SMTP. Actually I have made a rule for Conternt Inspection for SMTP for some specific word, the sensor is also getting alerts but when I want to see the mail which it has captured then it shows a very hard to read mail. So I want a frontend which will act such that I can be able to read the packed payload according to the application in which the packet is made by the source station and I can also view the attachments if the Viewing station is having that required software to view that attachment. Can anyone help me in this regard.
This is a great idea. Why don't you write such a front end for us? Please let us know when you release it. Thanks, Frank PS: You weren't soliciting us to write one for you, were you?
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- How can I view the packet payload if the packet is SMTP Atul Shrivastava (Dec 10)
- Re: How can I view the packet payload if the packet is SMTP Frank Knobbe (Dec 11)
- Re: How can I view the packet payload if the packet is SMTP Erek Adams (Dec 12)