This entry was posted in Mail Security and tagged wireshark by rskala.

If you need any other filter or need another interpretation of a Wireshark capture you can leave us a comment or send it to our Twitter account: where you can also check out more security information and tips.

In the following section, we will discuss 5 useful Wireshark display filters through examples.

If it ends up blank, it means that no SMTP errors were found in that specific capture. When you execute this filter you will end up only with 4XX and/or 5XX error codes, so you will see all SMTP errors within your capture.

The following list shows some examples: dst net.

Not eq 220 and not eq 221 and not eq 250 and not eq 354 and

You can also use /len to capture traffic from a range of IP addresses.

If you don't know it, or if you want to list all SMTP errors in the SMTP sessions, then you must first exclude all the valid codes (2XX) until you end up only with 4XX or 5XX codes. If you know the error code then use this filter: eq

RCPT and contains a specific sender mailbox

In this post you will find some filters that may help you to correctly interpret complete conversations or specific network packets.

- Filtering an SMTP conversation between two servers
- Filtering an HTTP conversation between two servers
- Filtering an SMTP Conversation with TLS between two servers
- Filtering outgoing packets from one particular IP
- Filtering incoming packets from one particular IP
- Filtering the number of recipients in an SMTP conversation

Wireshark is an application that allows you to capture network traffic; this is very useful when you need to troubleshoot problems or just to understand how a specific application works.