Solved

Analyzing SMTP attachments with WireShark

Posted on 2010-09-21
8
2,247 Views
Last Modified: 2012-06-27
I use Wireshark to capture network traffic.  I can use Wireshark to view files transferred over http and I can even follow the stream of an SMTP comunication from one server to another.  I have found a way to manually copy and decode a file attachment sent with an smtp email.  

My question is, is there a way to do this automatically, given a capture file or live?  My company is suspicious of corporate espionage and we believe someone is sending emails with confidential information.
0
Comment
Question by:tspeicher
  • 5
  • 2
8 Comments
 
LVL 4

Accepted Solution

by:
bjove earned 250 total points
ID: 33728722
You can try xplico:
http://www.xplico.org/
0
 

Author Comment

by:tspeicher
ID: 33728890
Looks like a nice package, but it only runs on Ubuntu?  
0
 

Author Comment

by:tspeicher
ID: 33728906
Sorry didn't look hard enough?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 1

Expert Comment

by:JoeBologna
ID: 33780418
Are you interested in statistics like the number of messages and end points of those messages? You can track destinations of messages and dashboard to get a view. Software that tackles this problem tends to cost $$$. Not sure what your budget is.
0
 

Author Comment

by:tspeicher
ID: 33785267
I am looking to reassemble emails from the wireshark capture file.  I can do it manually, including grabbing the attachments and decoding them and naming them with the original name.  But I want something that will decode all of the emails contained in a capture file.
0
 

Author Comment

by:tspeicher
ID: 33834017
I was looking for a Windows based solution.  But I guess I'm out of luck.
0
 
LVL 1

Assisted Solution

by:JoeBologna
JoeBologna earned 250 total points
ID: 33854695
You can try ApplicationVantage by Compuware. This will take the capture file and give you a thread level view for each email communication. Is it all clear text over the wire? The one down side is that this is turn on/off technology with no monitoring capability. It's a transaction profiling tool. I used this tool to traige many customers in the past and it saves the day when problems are on the plate.
0
 

Author Comment

by:tspeicher
ID: 33963964
Thanks for your info.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question