Analyzing SMTP attachments with WireShark

Posted on 2010-09-21
Medium Priority
Last Modified: 2012-06-27
I use Wireshark to capture network traffic.  I can use Wireshark to view files transferred over http and I can even follow the stream of an SMTP comunication from one server to another.  I have found a way to manually copy and decode a file attachment sent with an smtp email.  

My question is, is there a way to do this automatically, given a capture file or live?  My company is suspicious of corporate espionage and we believe someone is sending emails with confidential information.
Question by:tspeicher
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2

Accepted Solution

bjove earned 1000 total points
ID: 33728722
You can try xplico:

Author Comment

ID: 33728890
Looks like a nice package, but it only runs on Ubuntu?  

Author Comment

ID: 33728906
Sorry didn't look hard enough?
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.


Expert Comment

ID: 33780418
Are you interested in statistics like the number of messages and end points of those messages? You can track destinations of messages and dashboard to get a view. Software that tackles this problem tends to cost $$$. Not sure what your budget is.

Author Comment

ID: 33785267
I am looking to reassemble emails from the wireshark capture file.  I can do it manually, including grabbing the attachments and decoding them and naming them with the original name.  But I want something that will decode all of the emails contained in a capture file.

Author Comment

ID: 33834017
I was looking for a Windows based solution.  But I guess I'm out of luck.

Assisted Solution

JoeBologna earned 1000 total points
ID: 33854695
You can try ApplicationVantage by Compuware. This will take the capture file and give you a thread level view for each email communication. Is it all clear text over the wire? The one down side is that this is turn on/off technology with no monitoring capability. It's a transaction profiling tool. I used this tool to traige many customers in the past and it saves the day when problems are on the plate.

Author Comment

ID: 33963964
Thanks for your info.

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Course of the Month10 days, 4 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question