Ethereal-users: Re: [Ethereal-users] I need help w/ filters

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Olivier Biot" <ethereal@xxxxxxxxxx>
Date: Sat, 17 Jul 2004 02:04:42 +0200
From: Sara Wiley

| How do I do this:  I have a huge capture file, and I
| only want to see the emails sent by certain addresses.

This will depend on the mail protocols. If you try to capture POP or
SMTP traffic, that won't be a big problem. However, if you intend to
intercept MAPI (MS Exchange), things get more complicated as there is
no MAPI dissector yet, and even worse: this traffic is often
encrypted.

|  Actually, I'd ideally like to find out all the
| addresses a certain set of addresses send email to
| then filter out everything but the emails sent by
| those emails.  Does that make sense?  Please help.

If you use plain Internet protocols for sending/receiving email, one
way of filtering is to use the "matches" operator where you can write
a Perl-compatible regular expression to search for given fields within
the packet.

Best regards,

Olivier
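
An added example, not part of the original message: the two-step search described in the question (find every address a watched set of senders mails to), done with the same kind of regular expressions one would give to the "matches" operator. It assumes plain SMTP whose client-side command lines have already been extracted from the capture; the sessions and addresses below are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: client-side SMTP lines, one list per TCP session.
SESSIONS = [
    ["EHLO client.example", "MAIL FROM:<alice@example.com> SIZE=512",
     "RCPT TO:<bob@example.org>", "RCPT TO:<carol@example.net>", "DATA",
     "Subject: hi", "RCPT TO:<mallory@example.org>",  # body text, not a command
     ".", "MAIL FROM:<dave@example.com>", "RCPT TO:<frank@example.org>",
     "DATA", "second message", ".", "QUIT"],
    ["EHLO client.example", "mail from:<Alice@Example.com>",
     "RCPT TO:<erin@example.org>", "DATA", "hello", ".", "QUIT"],
    ["HELO other.example", "MAIL FROM:<dave@example.com>",
     "RCPT TO:<bob@example.org>", "DATA", "x", ".", "QUIT"],
]

MAIL_RE = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)
RCPT_RE = re.compile(r"^RCPT TO:\s*<([^>]+)>", re.IGNORECASE)

def recipients_by_sender(sessions, watched):
    """Map each watched envelope sender to the sorted recipients it mailed."""
    watched = {addr.lower() for addr in watched}
    found = defaultdict(set)
    for lines in sessions:
        sender, in_data = None, False
        for line in lines:
            if in_data:
                # Inside a message body: ignore everything until the lone dot,
                # which also ends the current mail transaction.
                if line == ".":
                    in_data, sender = False, None
                continue
            mail = MAIL_RE.match(line)
            if mail:
                sender = mail.group(1).lower()
            elif line.upper().startswith("RSET"):
                sender = None  # transaction aborted
            elif line.upper() == "DATA":
                in_data = True
            elif sender in watched:
                rcpt = RCPT_RE.match(line)
                if rcpt:
                    found[sender].add(rcpt.group(1).lower())
    return {s: sorted(r) for s, r in found.items()}

if __name__ == "__main__":
    print(recipients_by_sender(SESSIONS, {"alice@example.com"}))
```

Tracking the DATA state matters: without it, header or body text that happens to look like an SMTP command would be counted as a recipient.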