Wireshark mailing list archives
Re: Capturing Email Traffic
From: Seth Hall <seth () icir org>
Date: Fri, 7 Sep 2012 15:15:09 -0400
On Aug 29, 2012, at 11:36 AM, Giles Coochey <giles () coochey net> wrote:
> As Lars says - (POP or SMTP) will just identify traffic on ports 25 and 110, in order to do further you need protocol inspection of all traffic. Running snort over a RSPAN port of your internet VLAN might be able to perform this kind of inspection for you... you would probably have to write your own snort rule for this. http://www.snort.org
Alternately, Bro will create an smtp.log out of the box where it not only finds SMTP on any port, but it logs a number of attributes of email being sent. http://www.bro-ids.org

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
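An added illustration, not part of the original message and not code from the Bro project: since smtp.log records SMTP sessions regardless of port, a short script can list the sessions whose server port is not a usual mail port. The sample log lines are constructed, and the column subset shown and the set of "usual" ports are assumptions.

```python
# Added example: read a Bro smtp.log (delimited text with '#' header lines)
# and report SMTP sessions seen on a server port other than the usual ones.
# SAMPLE_LOG is constructed; its column subset is an assumption.
SAMPLE_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tsmtp",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\thelo\tmailfrom\trcptto\tsubject",
    "1347045309.0\tCaaa1\t192.0.2.10\t49152\t198.51.100.5\t25\tmail.example.org\t<a@example.org>\t<b@example.net>\tLunch",
    "1347045400.0\tCbbb2\t192.0.2.77\t50211\t203.0.113.9\t2525\tpc77\t<x@example.org>\t<y@example.net>,<z@example.net>\t-",
    "1347045500.0\tCccc3\t192.0.2.10\t49200\t198.51.100.5\t587\tmail.example.org\t<a@example.org>\t<c@example.net>\tNotes",
])

USUAL_SMTP_PORTS = {25, 587}  # assumption: adjust to local policy

def parse_bro_log(text):
    """Yield one dict per record, honouring the log's own header directives."""
    sep, set_sep, unset, fields = "\t", ",", "-", []
    for line in text.splitlines():
        if line.startswith("#separator"):
            # Only this header line is space-delimited; its value is escaped (\x09).
            sep = line.split(" ", 1)[1].encode("ascii").decode("unicode_escape")
        elif line.startswith("#"):
            key, *values = line[1:].split(sep)
            if key == "fields":
                fields = values
            elif key == "set_separator":
                set_sep = values[0]
            elif key == "unset_field":
                unset = values[0]
        elif line:
            row = dict(zip(fields, line.split(sep)))
            # Unset values become None; rcptto is a set, so split it into a list.
            row = {k: (None if v == unset else v) for k, v in row.items()}
            row["rcptto"] = row["rcptto"].split(set_sep) if row.get("rcptto") else []
            yield row

def smtp_on_unusual_ports(text, usual=USUAL_SMTP_PORTS):
    """Return (client, server, port, mailfrom, rcptto) for off-port SMTP sessions."""
    hits = []
    for r in parse_bro_log(text):
        port = int(r["id.resp_p"])
        if port not in usual:
            hits.append((r["id.orig_h"], r["id.resp_h"], port, r["mailfrom"], r["rcptto"]))
    return hits

if __name__ == "__main__":
    for hit in smtp_on_unusual_ports(SAMPLE_LOG):
        print(hit)
```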