Wireshark-users: Re: [Wireshark-users] identifying .dwg and .one files in gmail attachments

From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Tue, 30 Mar 2010 07:48:40 +1100
If you are talking about Web-based Gmail, and users configure their settings to use HTTPS/SSL, then it will be encrypted and by definition should *not* be able to identify anything specific about their email attachments. (Of course, if your users are able to SSL-protect SMTP or IMAP or POP then you are in the same boat.) I would have thought for unencrypted Gmail that any attachments should be visible (through whatever mechanism they use), possibly obscured by some basic encapsulation.

Your only option in that case is to provide a man-in-the-middle SSL proxy and somehow convince or install the necessary trusted certificate (so it can forge new ones).

Regards, Martin


On Tue, Mar 30, 2010 at 2:44 AM, Support SwarajComm <support@xxxxxxxxxx> wrote:

I have a requirement like this: I need to block .dwg and .one files in mail attachments. I can implement a firewall policy to block mail attachments with file signatures 41433130 (for .dwg files) and E4525C7B8CD8A74DAEB15378D02996D3 (for .one files). I am able to see these file signatures in all mails sniffer except Gmail. Gmail is doing some encryption. What is the way to identify these files when using Gmail? If I know some keyword related to these file types in Gmail, I can implement a firewall policy to block that pattern. Any ideas?

Siva K

Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
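
Added example, not part of the original thread: matching the two file signatures quoted in the question against decoded attachment bytes, at a point where the message is available in cleartext (for example a mail gateway or a TLS-terminating proxy). The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

# File signatures quoted in the thread (hex), expected at the start of the file.
SIGNATURES = {
    "dwg": bytes.fromhex("41433130"),
    "one": bytes.fromhex("E4525C7B8CD8A74DAEB15378D02996D3"),
}

def classify(data: bytes):
    """Return the name of the signature that opens `data`, or None."""
    for name, magic in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return None

def scan_message(raw: bytes):
    """Return [(filename, kind)] for attachments that open with a listed signature.

    The check runs on the decoded payload, so the MIME transfer encoding
    (base64, quoted-printable) and the file extension do not affect it.
    """
    hits = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        kind = classify(payload)
        if kind:
            hits.append((part.get_filename() or "<unnamed>", kind))
    return hits

def build_sample() -> bytes:
    """Constructed message: a renamed .dwg, a .one file and a harmless file."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "files"
    m.set_content("see attached")
    binary = {"maintype": "application", "subtype": "octet-stream"}
    m.add_attachment(SIGNATURES["dwg"] + b"15" + bytes(32), filename="plan.txt", **binary)
    m.add_attachment(SIGNATURES["one"] + bytes(32), filename="notes.one", **binary)
    m.add_attachment(b"plain notes", filename="readme.bin", **binary)
    return m.as_bytes()

if __name__ == "__main__":
    for filename, kind in scan_message(build_sample()):
        print(f"block {filename}: matches {kind} signature")
```
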