 | 1 | initial version |
Pass -o smtp.decryption:TRUE to tshark.
Example without the option:
tshark -T fields -e frame.number -e smtp.auth.username -Y smtp.auth.username -r crim.pcap
63 c25lYWt5ZzMza0Bhb2wuY29t
123 c25lYWt5ZzMza0Bhb2wuY29t
Example with the option:
tshark -o smtp.decryption:TRUE -T fields -e frame.number -e smtp.auth.username -Y smtp.auth.username -r crim.pcap
63 [email protected]
123 [email protected]