Analyzing SMTP attachments with Wireshark

I use Wireshark to capture network traffic. I can use Wireshark to view files transferred over HTTP and I can even follow the stream of an SMTP communication from one server to another. I have found a way to manually copy and decode a file attachment sent with an SMTP email.

My question is, is there a way to do this automatically, given a capture file or live?  My company is suspicious of corporate espionage and we believe someone is sending emails with confidential information.
tspeicher Asked:
 
bjove Commented:
You can try xplico:
http://www.xplico.org/
0
 
tspeicher (Author) Commented:
Looks like a nice package, but it only runs on Ubuntu?  
0
 
tspeicher (Author) Commented:
Sorry didn't look hard enough?
0
 
JoeBologna Commented:
Are you interested in statistics like the number of messages and end points of those messages? You can track destinations of messages and dashboard to get a view. Software that tackles this problem tends to cost $$$. Not sure what your budget is.
0
 
tspeicher (Author) Commented:
I am looking to reassemble emails from the Wireshark capture file. I can do it manually, including grabbing the attachments and decoding them and naming them with the original name. But I want something that will decode all of the emails contained in a capture file.
0
 
tspeicher (Author) Commented:
I was looking for a Windows based solution.  But I guess I'm out of luck.
0
 
JoeBologna Commented:
You can try ApplicationVantage by Compuware. This will take the capture file and give you a thread level view for each email communication. Is it all clear text over the wire? The one downside is that this is turn on/off technology with no monitoring capability. It's a transaction profiling tool. I used this tool to triage many customers in the past and it saves the day when problems are on the plate.
0
 
tspeicher (Author) Commented:
Thanks for your info.
0
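The manual copy-and-decode step described in the question can be scripted. The following is an added example, not code from any poster in this thread or from the tools they mention: it assumes the input is the raw bytes of an unencrypted SMTP session saved from Wireshark's Follow TCP Stream view, and the function names and the sample session are constructed for illustration.

```python
import base64
import email
import os
import re
from email import policy

# One message = everything between a DATA command and the lone-dot terminator.
# The optional 354 line covers streams saved with both directions included.
_DATA_RE = re.compile(rb"(?ims)^DATA\r\n(?:354[^\r\n]*\r\n)?(.*?)\r\n\.\r\n")

def split_messages(stream: bytes) -> list:
    """Return every message in the session, with SMTP dot-stuffing undone."""
    return [re.sub(rb"(?m)^\.", b"", m.group(1)) for m in _DATA_RE.finditer(stream)]

def extract_attachments(stream: bytes) -> list:
    """Return (subject, safe_filename, decoded_bytes) for each attachment."""
    found = []
    for raw in split_messages(stream):
        msg = email.message_from_bytes(raw, policy=policy.default)
        for n, part in enumerate(msg.iter_attachments(), 1):
            data = part.get_payload(decode=True)  # undoes base64 / quoted-printable
            if data is None:                      # nested multipart, nothing to decode
                continue
            name = part.get_filename() or f"attachment-{n}.bin"
            # The sender controls the filename: keep only its last path component.
            name = os.path.basename(name.replace("\\", "/")) or f"attachment-{n}.bin"
            found.append((str(msg.get("Subject", "")), name, data))
    return found

# Constructed sample session (client side only), not taken from a real capture.
SAMPLE_PAYLOAD = b"region,total\r\nnorth,42\r\n"
SAMPLE_STREAM = (
    b"EHLO client.example\r\nMAIL FROM:<a@example.com>\r\n"
    b"RCPT TO:<b@example.net>\r\nDATA\r\n"
    b"Subject: report\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XX"\r\n\r\n'
    b"--XX\r\nContent-Type: text/plain\r\n\r\nsee attached\r\n..leading dot line\r\n"
    b"--XX\r\nContent-Type: text/csv\r\nContent-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: attachment; filename="../q3.csv"\r\n\r\n'
    + base64.b64encode(SAMPLE_PAYLOAD) + b"\r\n--XX--\r\n.\r\nQUIT\r\n"
)

if __name__ == "__main__":
    for subject, name, data in extract_attachments(SAMPLE_STREAM):
        print(f"{subject!r}: {name} ({len(data)} bytes)")
```

Sessions that negotiate STARTTLS are encrypted on the wire and will not yield any message to this parser.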
Question has a verified solution.
