tshark smtp filter decode.

Will DB
1 ●2 ●1

The Wireshark filter smtp.auth.username does great. The Info column shows the readable username. The same filter in tshark does not interpret the base64 packet content. How can I make it do that?

answered Jun 4 '18

cmaynard

11115 ●12 ●321 ●166 https://www.igt.com/

Pass -o smtp.decryption:TRUE to tshark.

Example without the option:

tshark -T fields -e frame.number -e smtp.auth.username -Y smtp.auth.username -r crim.pcap
63      c25lYWt5ZzMza0Bhb2wuY29t
123     c25lYWt5ZzMza0Bhb2wuY29t

Example with the option:

tshark -o smtp.decryption:TRUE -T fields -e frame.number -e smtp.auth.username -Y smtp.auth.username -r crim.pcap
63      sneakyg33k@aol.com
123     sneakyg33k@aol.com

link

Comments

Perfect! Exactly what I needed! Thanks!

Will DB ( Jun 4 '18 )

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

tshark smtp filter decode.

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

tshark smtp filter decode. savecancel

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

tshark smtp filter decode.