Capturing SMTP traces
I am trying to troubleshoot an error a customer is having when they configure their SMTP outgoing email server settings and capture the SMTP protocol traces.
The printer has its own IP address and I am able to capture TCP information and other protocols but not SMTP. I have configured the SMTP Server (example: smtp1.mycompany.com) on SMTP Port: 25. I am on a Comcast network (10.1.10.x).
Is there a filter I can apply to capture the SMTP tracing from the SMTP server?
I am currently using: ip.addr==15.23.2.x
Network setup as follows: PC > Hub (not switch) > printer > Comcast LR5 tap (10.1.10.x)
I am a novice user. I tried attaching the trace capture; I guess I need 60 points to do that.
Thank you for any help you can provide.
Who's emailing? The printer? Printer is a switch, between hub and this Comcast device? Is the SMTP connection through a TLS link? Have you tried using port 587 (smtp-submission)?
Hi Jaap, Thank you for your reply. Sorry for the confusion.
I am trying to configure the SMTP out server settings on a HP PageWide Managed MFP P77740dw printer so that I can scan to email and send via printer. However, when I test my SMTP out settings to send an email, I get a Configuration Network error. It tells me to check the printer's network connection and try again. This is where I am hoping that Wireshark can tell me (SMTP traces) why I am getting the network error. So my question is: what do I need to do to get SMTP traces?
Example: ip.addr==172.20.10.2
Both PC (Win10 Ent 64bit) and printer are connected to a Hub which Comcast ISP is connected to the uplink port. (No switch involved)
Printer: HP PageWide MFP P77740dw
Hub: Linksys 10/100 5-port Workgroup Hub Model FFAHO5W
PC: Windows 10 Ent ...
Ok, this all looks a bit better. Now the first step is to make sure that all devices use wired Ethernet, not their built-in Wi-Fi connectivity. Also make sure they all match the same speed (which I assume will be 100Mb) on the hub. Next, you are throwing out all different kinds of IP addresses. Maybe you need to stop focussing on that and start filtering on the TCP ports used, as you said 25 or 587. So 'tcp.port==25 or tcp.port==587'
Hi Jaap, Yes. I am using wired as wireless is encrypted. Is there a way to detect if they are all running the same speed? The Linksys Hub is EtherFast 10/100. So, I am assuming that all ports are running 100Mb.
So filtering on the TCP port - tcp.port==25 or tcp.port==587 should reveal any SMTP packet traces?
Thanks again for your time and consideration.
Thanks, Todd
"Assumption is the mother of all fuck-ups", so check the indications on the Linksys EFAHO5W that all links involved have their '100' LED illuminated. Now you can capture with promiscuous mode on the PC port connected to this hub and see the network traffic from the printer to the outside world. If you apply the display filter after that, the SMTP traffic (if any) should remain.
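Added example, not part of the original thread: a Python sketch of what the `tcp.port==25 or tcp.port==587` filter selects, and why a session stops being readable once STARTTLS is negotiated (the TLS question raised above). The frames, addresses, host names and function names are constructed for illustration.

```python
import struct

SMTP_PORTS = {25, 587}  # the ports in the thread's filter: tcp.port==25 or tcp.port==587

def build_frame(sport, dport, payload, src="192.0.2.10", dst="192.0.2.25"):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero; sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def parse_tcp(frame):
    """Return (sport, dport, payload) for an IPv4/TCP frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4 or frame[23] != 6:
        return None
    tcp_off = 14 + (frame[14] & 0x0F) * 4          # Ethernet header + IPv4 header length
    if len(frame) < tcp_off + 20:
        return None
    total_len = struct.unpack("!H", frame[16:18])[0]
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    data_off = (frame[tcp_off + 12] >> 4) * 4      # TCP header length
    return sport, dport, frame[tcp_off + data_off:14 + total_len]

def smtp_dialogue(frames):
    """Keep frames on port 25/587 and list each payload as (direction, text)."""
    out = []
    for sport, dport, payload in filter(None, map(parse_tcp, frames)):
        if not {sport, dport} & SMTP_PORTS or not payload:
            continue
        direction = "server" if sport in SMTP_PORTS else "client"
        if all(32 <= b < 127 or b in (9, 10, 13) for b in payload):
            out.append((direction, payload.decode("ascii").strip()))
        else:  # after STARTTLS the session carries TLS records, not readable SMTP
            out.append((direction, "<encrypted or binary payload>"))
    return out

def sample_capture():
    """Constructed capture: one STARTTLS session on 587 plus unrelated port-80 traffic."""
    return [
        build_frame(587, 50000, b"220 mail.example.test ESMTP\r\n"),
        build_frame(50000, 587, b"EHLO printer\r\n"),
        build_frame(50000, 80, b"GET / HTTP/1.1\r\n\r\n"),
        build_frame(587, 50000, b"250-mail.example.test\r\n250 STARTTLS\r\n"),
        build_frame(50000, 587, b"STARTTLS\r\n"),
        build_frame(587, 50000, b"220 Ready to start TLS\r\n"),
        build_frame(50000, 587, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    ]
```

Calling `smtp_dialogue(sample_capture())` returns the readable greeting, EHLO and STARTTLS exchange, then an opaque entry for the TLS handshake; the port-80 frame is dropped by the port check.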