Wireshark · Ethereal-users: [Ethereal-users] smtp Display filter.

Ethereal-users: [Ethereal-users] smtp Display filter.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Tue, 4 May 2004 10:35:37 -0400




Good Day All,

Can someone possibly help me. I am trying to come up with a display filter,
but have been unsuccessful.

I am trying to filter on the Message section of a smtp packet.
Here is what I see

Frame
Ethernet
IP
TCP
SMTP ----\/
      Message: Received: from machine.hostname.com

I am trying to wrote a couple of different filters for "Recieved: from" but
it don't return the correct results.

I have tried tcp[42:1]=52  trying to find the "R" that didn't work
smtp contains "Recieved:" didn't work

Any Idea's??

Prev by Date: [Ethereal-users] gdk_win32_pixmap_new: depth 16 doesn't match display depth 15
Next by Date: RE: [Ethereal-users] -q option not available for Solaris version.
Previous by thread: [Ethereal-users] gdk_win32_pixmap_new: depth 16 doesn't match display depth 15
Next by thread: RE: [Ethereal-users] smtp Display filter.
Index(es):
- Date
- Thread