Ethereal-users: [Ethereal-users] help with granular filtering / looking inside of SMTP packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Dave <davo812@xxxxxxxxx>
Date: Fri, 25 Jan 2002 08:49:59 -0800 (PST)
Hello,

I am interested in seeing if tethereal is able to granularly filter
different parts of an SMTP conversation.  For instance, from reading
the man pages I have been able to get the application to show me the
SMTP request traffic successfully using the read filter -R smtp.req. 
However, I am really mainly interested in just capturing a subset of
those packets such as the parts of the initial conversation including
the MAIL FROM and RCPT TO pieces.  I want to filter out all of the
message body components because this data will then be fed into a
script for analysis purposes and the bodies are not relevant here.

I have scoured the man pages of ethereal and tcpdump and it seems that
if this is possible that it might be by using some sort of notation
such as smtp.req [x:y] == but it is not clear to me how that should
work exactly.  The SMTP fields that tethereal can filter on are of a
Boolean format, so I'm not sure I can even filter on information within
an SMTP packet at all.

If someone could please shed some light on this for me I would really
appreciate it.  Also, I am not currently a member of this list so it
would be very nice if you could please reply directly to me as well as
to the list.

Thanks very much for any help that comes my way.
- Dave

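The following is an added example, not part of the original post and not Ethereal code: a sketch of how the analysis script mentioned above could keep only the MAIL FROM and RCPT TO envelope commands and discard message bodies. It assumes the client-to-server side of the SMTP conversation has already been extracted as text lines; the function name `extract_envelopes` and the sample lines are constructed for illustration.

```python
import re

# SMTP verbs are case-insensitive; "<>" is the null reverse-path.
_ENVELOPE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<?([^>\s]*)>?", re.IGNORECASE)

# Constructed sample: client-to-server lines of one SMTP session.
SAMPLE = [
    "EHLO client.example\r\n",
    "mail from:<alice@example.org> SIZE=512\r\n",
    "RCPT TO:<bob@example.net>\r\n",
    "RCPT TO:<carol@example.net>\r\n",
    "DATA\r\n",
    "Subject: test\r\n",
    "RCPT TO:<in-body@example.net>\r\n",  # body text, not a command
    ".\r\n",
    "MAIL FROM:<>\r\n",
    "RCPT TO:<dave@example.net>\r\n",
    "QUIT\r\n",
]


def extract_envelopes(client_lines):
    """Return one {'mail_from', 'rcpt_to'} dict per transaction, bodies skipped."""
    transactions, current, in_body = [], None, False
    for raw in client_lines:
        line = raw.rstrip("\r\n")
        if in_body:
            # Assumption: the server accepted DATA; body ends at a lone ".".
            in_body = line != "."
            continue
        verb = line.strip().upper()
        if verb == "DATA":
            in_body, current = True, None
        elif verb == "RSET" and current is not None:
            transactions.pop()  # client aborted the pending transaction
            current = None
        elif (m := _ENVELOPE.match(line.strip())):
            command, address = m.group(1).upper(), m.group(2)
            if command == "MAIL FROM":
                current = {"mail_from": address, "rcpt_to": []}
                transactions.append(current)
            elif current is not None:  # ignore RCPT TO outside a transaction
                current["rcpt_to"].append(address)
    return transactions


if __name__ == "__main__":
    for tx in extract_envelopes(SAMPLE):
        print(tx["mail_from"] or "<>", "->", ", ".join(tx["rcpt_to"]))
```

Tracking the DATA state is what keeps body lines that merely look like commands out of the results; matching on the command text alone would count them.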