On 30. april. 2008, at 09.44, goitom kahsay wrote: > How can i extract the SMTP parameters such as FROM,TO,SUBJECT,DATE > and ... from SMTP packets?
Hi. I don't know where you want the output, but the SMTP dissector is using the IMF dissector, so it's possible to use tshark to print the values like this: $ tshark -r smtp_data.pcap -e imf.from -e imf.to -e imf.subject -T fields Or you could simply dump all fields and do a grep, like this: $ tshark -V -r smtp_data.pcap | egrep "Subject:|From:|To:|Date:" -- Stig Bjørlykke _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
