This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

capture outgoing and/or incoming email

0

how can I capture an outgoing or incoming email by the emailadress?

thanks

asked 26 Nov '10, 06:25

kurtw's gravatar image

kurtw
1112
accept rate: 0%

I don't think you can do it easily w/o resorting to a complicated capture filter that looks for specific characters at certain offsets. And that won't even work reliably unless the emails are being sent individually.

(26 Nov '10, 09:08) hansangb

2 Answers:

0

You could just capture all the email based on the TCP port used and then apply a display filter such as:

frame contains "[email protected]"

or use

frame contains "userid"

answered 27 Nov '10, 14:31

lchappell's gravatar image

lchappell ♦
1.2k2730
accept rate: 8%

I had assumed the OP couldn't contend with the main SMTP feed's volume but I guess I could be wrong. I should stop thinking that everyone has to deal with massive scaling problems! :)

(27 Nov '10, 18:25) hansangb

0

Capturefilter I use: tcp port 110 or tcp port 25 or tcp port 143

Displayfilter I use: imf.from contains "[email protected]" or imf.to contains "[email protected]" or imf.sender contains "[email protected]"

How can I export the filtered Emails to separatly files?

thanks k.w.

answered 01 Dec '10, 01:02

kurtw's gravatar image

kurtw
1112
accept rate: 0%

edited 01 Dec '10, 01:03