Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Analyzing SMTP attachments with WireShark

Posted on 2010-09-21
Medium Priority
Last Modified: 2012-06-27
I use Wireshark to capture network traffic.  I can use Wireshark to view files transferred over http and I can even follow the stream of an SMTP comunication from one server to another.  I have found a way to manually copy and decode a file attachment sent with an smtp email.  

My question is, is there a way to do this automatically, given a capture file or live?  My company is suspicious of corporate espionage and we believe someone is sending emails with confidential information.
Question by:tspeicher
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2

Accepted Solution

bjove earned 1000 total points
ID: 33728722
You can try xplico:

Author Comment

ID: 33728890
Looks like a nice package, but it only runs on Ubuntu?  

Author Comment

ID: 33728906
Sorry didn't look hard enough?
Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!


Expert Comment

ID: 33780418
Are you interested in statistics like the number of messages and end points of those messages? You can track destinations of messages and dashboard to get a view. Software that tackles this problem tends to cost $$$. Not sure what your budget is.

Author Comment

ID: 33785267
I am looking to reassemble emails from the wireshark capture file.  I can do it manually, including grabbing the attachments and decoding them and naming them with the original name.  But I want something that will decode all of the emails contained in a capture file.

Author Comment

ID: 33834017
I was looking for a Windows based solution.  But I guess I'm out of luck.

Assisted Solution

JoeBologna earned 1000 total points
ID: 33854695
You can try ApplicationVantage by Compuware. This will take the capture file and give you a thread level view for each email communication. Is it all clear text over the wire? The one down side is that this is turn on/off technology with no monitoring capability. It's a transaction profiling tool. I used this tool to traige many customers in the past and it saves the day when problems are on the plate.

Author Comment

ID: 33963964
Thanks for your info.

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read about achieving the basic levels of HRIS security in the workplace.
How does someone stay on the right and legal side of the hacking world?
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question