How to capture network traffic with tethereal

To capture and display all incoming SMTP RCPT TO commands (where 1.2.3.4 is your IP address):

tethereal -d tcp.port==25,smtp -R "smtp and tcp.port == 25 and ip.dst == 1.2.3.4 and smtp.req.command == RCPT"

To capture and display all incoming RCPT TO commands from a specific IP address (5.6.7.8 in this example; 1.2.3.4 is again your IP address):

tethereal -d tcp.port==25,smtp -R "smtp and tcp.port == 25 and ip.dst == 1.2.3.4 and smtp.req.command == RCPT and ip.src == 5.6.7.8"
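
To see which senders are addressing the most recipients, the output of the commands above can be summarised per source address. The following is an added example, not part of the original HOWTO: the function names rcpt_summary and sample_capture are hypothetical, the sample lines (including the address 192.0.2.10) are constructed, and it assumes each output line contains "<source> -> <destination>" followed by the RCPT TO:<address> text.

```shell
#!/bin/sh
# Added example: count RCPT TO commands per source IP from tethereal's
# one-line-per-packet output. Assumption: every packet line contains
# "<src> -> <dst>" and the command text "RCPT TO:<address>".

# rcpt_summary: reads summary lines on stdin and prints
# "<total RCPTs> <distinct recipients> <source IP>", busiest source first.
rcpt_summary() {
    awk '
    {
        # The source address is the field just before the "->" marker.
        src = ""
        for (i = 2; i <= NF; i++)
            if ($i == "->") { src = $(i - 1); break }
        # Skip lines without an arrow or without a RCPT TO command
        # (SMTP verbs are case-insensitive, so match either case).
        if (src == "" || !match($0, /[Rr][Cc][Pp][Tt] [Tt][Oo]: *<[^>]*>/))
            next
        rcpt = substr($0, RSTART, RLENGTH)
        sub(/^[^<]*</, "", rcpt)   # drop everything up to "<"
        sub(/>$/, "", rcpt)        # drop the closing ">"
        total[src]++
        if (!((src, rcpt) in seen)) { seen[src, rcpt] = 1; distinct[src]++ }
    }
    END {
        for (s in total) print total[s], distinct[s], s
    }' | sort -k1,1nr -k3,3
}

# sample_capture: constructed sample lines, not real traffic.
sample_capture() {
    cat <<'EOF'
  0.000000      5.6.7.8 -> 1.2.3.4      SMTP Command: RCPT TO:<alice@example.org>
  0.412345      5.6.7.8 -> 1.2.3.4      SMTP Command: RCPT TO:<bob@example.org>
  0.900100      5.6.7.8 -> 1.2.3.4      SMTP Command: RCPT TO:<alice@example.org>
  1.250000   192.0.2.10 -> 1.2.3.4      SMTP Command: RCPT TO:<carol@example.org>
  1.300000      1.2.3.4 -> 192.0.2.10   SMTP Response: 250 Ok
EOF
}

# Demo on the constructed sample. For real use, redirect the tethereal
# output to a file, stop the capture, then run: rcpt_summary < file
sample_capture | rcpt_summary
```

A source with a high total and a high distinct-recipient count is worth checking against the mail server's own logs for rejected recipients.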

Article from Andy's Debian HOWTOs (http://www.besy.co.uk/debian/debian)

 
debian/how_to_use_tethereal_to_sniff_network_traffic.txt · Last modified: 2008/08/01 22:56 (external edit)