On Aug 29, 2012, at 11:36 AM, Giles Coochey <giles@xxxxxxxxxxx> wrote:
> As Lars says - (POP or SMTP) will just identify traffic on ports 25 and 110, in order to do further you need protocol inspection of all traffic. Running Snort over an RSPAN port of your internet VLAN might be able to perform this kind of inspection for you... you would probably have to write your own Snort rule for this.
> http://www.snort.org
Alternately, Bro will create an smtp.log out of the box where it not only finds SMTP on any port, but it logs a number of attributes of email being sent. http://www.bro-ids.org
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
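
Added example, not part of the original message and not code from the Bro project: a short Python reader for Bro's tab-separated log layout that lists SMTP sessions smtp.log recorded on a responder port other than 25. The sample log is constructed, shows only a subset of smtp.log columns, and the function names and the choice of 25 as the only expected port are assumptions.

```python
# Constructed sample in Bro's tab-separated log layout; only a subset of the
# smtp.log columns is shown, and all addresses and names are made up.
SAMPLE_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tsmtp",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\thelo\tmailfrom\trcptto",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tset[string]",
    "1346254560.1\tCaa1\t10.0.0.15\t49152\t192.0.2.25\t25\tmx.example.org\t<a@example.org>\t<b@example.net>",
    "1346254571.4\tCaa2\t10.0.0.23\t49153\t198.51.100.7\t2525\tpc23\t<c@example.org>\t<d@example.net>",
    "1346254590.9\tCaa3\t10.0.0.23\t49160\t203.0.113.9\t8080\tpc23\t-\t-",
])


def read_bro_log(lines):
    """Yield one dict per record, taking column names from the #fields header."""
    sep, unset, fields = "\t", "-", None
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#separator"):
            # The separator is written as an escape sequence, e.g. \x09 for TAB.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#unset_field"):
            unset = line.split(sep)[1]
        elif line.startswith("#fields"):
            fields = line.split(sep)[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(sep)
            yield {k: (None if v == unset else v) for k, v in zip(fields, values)}


def off_port_smtp(records, expected_ports=(25,)):
    """Return (client, server, port, mailfrom) for SMTP seen on unexpected ports."""
    hits = []
    for rec in records:
        port = int(rec["id.resp_p"])
        if port not in expected_ports:
            hits.append((rec["id.orig_h"], rec["id.resp_h"], port, rec["mailfrom"]))
    return hits


if __name__ == "__main__":
    for hit in off_port_smtp(read_bro_log(SAMPLE_LOG.splitlines())):
        print(hit)
```

A port-based ACL or NetFlow filter on 25 and 110 would miss the second and third sessions in the sample; they appear here only because the log is produced by protocol analysis rather than port matching.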