I use Wireshark to capture network traffic. I can use Wireshark to view files transferred over http and I can even follow the stream of an SMTP comunication from one server to another. I have found a way to manually copy and decode a file attachment sent with an smtp email.
My question is, is there a way to do this automatically, given a capture file or live? My company is suspicious of corporate espionage and we believe someone is sending emails with confidential information.