Wireshark-dev: Re: [Wireshark-dev] SMTP: Extracting parametrs
From: "goitom kahsay" <[email protected]>
Date: Sat, 10 May 2008 17:02:15 +0300
  How can i  extract these values (From, TO ,Subject and Date) from the SMTP packets displayed  in the packet list pane in to a new dialog.

Any idea!

Thank u in  advance

On Thu, May 1, 2008 at 1:37 AM, Stig Bjørlykke <[email protected]> wrote:
On 30. april. 2008, at 09.44, goitom kahsay wrote:

> How can i extract the SMTP parameters such as FROM,TO,SUBJECT,DATE
> and ... from SMTP packets?


I don't know where you want the output, but the SMTP dissector is
using the IMF dissector, so it's possible to use tshark to print the
values like this:

$ tshark -r smtp_data.pcap -e imf.from -e imf.to -e imf.subject -T

Or you could simply dump all fields and do a grep, like this:

$ tshark -V -r smtp_data.pcap | egrep "Subject:|From:|To:|Date:"

Stig Bjørlykke

Wireshark-dev mailing list
[email protected]