Snort mailing list archives

RE: How can I view the packet payload if the packet is SMTP


From: "Miller, Eoin" <Miller () fhlb-of com>
Date: Wed, 11 Dec 2002 11:25:17 -0500

Actually it's quite possible using ettercap
(http://ettercap.sourceforge.net). There is a plugin that comes with this
program by default called H20_dwarf, and it logs all pop/smtp activity,
decoded, to a log file. It's pretty sweet, plus it lets you do it on a
switched network.

;)


-----Original Message-----
From: Frank Knobbe [mailto:fknobbe () knobbeits com] 
Sent: Wednesday, December 11, 2002 10:41 AM
To: Atul Shrivastava
Cc: snort-users () lists sourceforge net; snort-devel () lists sourceforge net
Subject: Re: [Snort-users] How can I view the packet payload if the
packet is SMTP

On Wed, 2002-12-11 at 00:42, Atul Shrivastava wrote:
I want to know how I can view the captured packet payload if the
packet is SMTP. Actually I have made a rule for Content Inspection
for SMTP for some specific word, the sensor is also getting alerts, but
when I want to see the mail which it has captured then it shows a very
hard to read mail. So I want a frontend which will act such that I am
able to read the packet payload according to the application in
which the packet is made by the source station, and I can also view the
attachments if the viewing station has the required software to
view that attachment. Can anyone help me in this regard?


This is a great idea. Why don't you write such a front end for us?
Please let us know when you release it.

Thanks,
Frank



PS: You weren't soliciting us to write one for you, were you?
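
Added example, not part of the original thread and not code from Snort or ettercap: one way an analyst can turn a captured SMTP payload into readable text plus a list of attachments, using only the Python standard library. It assumes the client-to-server side of the session has already been reassembled into one byte string; the function names and the sample session are constructed for illustration.

```python
import email
from email import policy

# Constructed sample: client-to-server bytes of one SMTP session (not real traffic).
SAMPLE = b"\r\n".join([
    b"EHLO client.example", b"MAIL FROM:<alice@example.com>",
    b"RCPT TO:<bob@example.org>", b"DATA",
    b"From: alice@example.com", b"To: bob@example.org",
    b"Subject: =?utf-8?q?Caf=C3=A9_menu?=", b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"', b"",
    b"--b1", b'Content-Type: text/plain; charset="utf-8"',
    b"Content-Transfer-Encoding: quoted-printable", b"",
    b"Menu attached=2E", b"..hidden line",
    b"--b1", b"Content-Type: application/octet-stream",
    b'Content-Disposition: attachment; filename="menu.bin"',
    b"Content-Transfer-Encoding: base64", b"",
    b"aGVsbG8gd29ybGQ=", b"--b1--", b".", b"QUIT", b""])

def extract_smtp_data(stream: bytes) -> bytes:
    """Hypothetical helper: return the message sent after the DATA command."""
    lines = stream.split(b"\r\n")
    start = next((i for i, l in enumerate(lines) if l.strip().upper() == b"DATA"), None)
    if start is None:
        raise ValueError("no DATA command in stream")
    body = []
    for line in lines[start + 1:]:
        if line == b".":                      # a lone dot terminates the message
            break
        # Undo SMTP dot-stuffing: the sender prefixed an extra "." to such lines.
        body.append(line[1:] if line.startswith(b".") else line)
    return b"\r\n".join(body) + b"\r\n"

def summarize(stream: bytes) -> dict:
    """Hypothetical helper: decode headers, text parts and attachment metadata."""
    msg = email.message_from_bytes(extract_smtp_data(stream), policy=policy.default)
    text, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():               # treat named parts as attachments
            data = part.get_payload(decode=True)   # base64/QP decoded bytes
            attachments.append((part.get_filename(), part.get_content_type(), len(data)))
        elif part.get_content_type() == "text/plain":
            text.append(part.get_content())   # str, charset and encoding resolved
    return {"from": str(msg["From"]), "subject": str(msg["Subject"]),
            "text": "".join(text), "attachments": attachments}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
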


