All,
I simplified this email from the
last post, but basically, I want to extract all message bodies from network
traffic using tshark at the command prompt. We are doing this for all
email originating within our network but not using our mail servers. I see
all the available fields in the protocol reference guide, but I don't see one
for the message body itself. When I look at the PDML, I see the field
=="", so I don't see how to do this using the -Tfields option.
Anyone help with this? I also want to sniff the DNS traffic for hosts that
are resolved which has the same issue.
Thanks,
Mark