Here is a way to capture traffic with tshark and save only the packets that match the display filter.
tshark -i 2 -f "port 110" -R "pop.request.parameter contains \"user\"" > c:\port110.txt
Alternative filter to try: pop.request.command contains \"USER\"
This captures all port 110 traffic, keeps only the packets matching the "user" filter, and saves the output to a text file. The inner quotes are escaped with a backslash so that the whole display filter reaches tshark as a single argument.
tshark -i 2 -f "port 25" -R "smtp.rsp.parameter contains \"Sender\"" > c:\port25.txt
This is an example of how to capture traffic on your outbound SMTP server.
-i = interface
-f = capture filter
-R = display filter
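As an added example (not code from the original post), the script below reads the kind of text file the first command produces and lists which clients still send POP3 USER commands in cleartext, which is useful when auditing for accounts that should move to an encrypted login. It assumes tshark's default one-line summary layout (source, arrow, destination, protocol, then "C: USER name"); the function name and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches tshark's default one-line summary for a POP client request, e.g.
#   "  4   0.1021 10.0.0.23 -> 10.0.0.5 POP 78 C: USER alice"
# Newer builds print a Unicode arrow and a length column; both are accepted.
# (Assumed layout; adjust the pattern if your tshark prints other columns.)
LINE_RE = re.compile(
    r"(?P<src>\S+)\s+(?:->|\u2192)\s+(?P<dst>\S+)\s+POP\b.*?"
    r"C:\s+(?P<cmd>[A-Za-z]+)(?:\s+(?P<arg>.*\S))?"
)

def cleartext_logins(lines):
    """Return {(client, server): sorted usernames} for cleartext USER commands."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m.group("cmd").upper() != "USER":
            continue  # server responses, other commands and non-POP lines
        user = (m.group("arg") or "").strip()
        if user:
            seen[(m.group("src"), m.group("dst"))].add(user)
    return {pair: sorted(users) for pair, users in seen.items()}

# Constructed sample lines standing in for the contents of c:\port110.txt.
SAMPLE = """\
  1   0.000000 10.0.0.23 -> 10.0.0.5 POP 78 C: USER alice
  2   0.010000 10.0.0.5 -> 10.0.0.23 POP 60 S: +OK
  3   0.020000 10.0.0.23 -> 10.0.0.5 POP 80 C: PASS (constructed)
  4   5.000000 10.0.0.41 \u2192 10.0.0.5 POP 76 C: user bob
  5   9.000000 10.0.0.23 -> 10.0.0.5 POP 78 C: USER alice
""".splitlines()

if __name__ == "__main__":
    # One line per client/server pair, with the distinct usernames seen.
    for (client, server), users in sorted(cleartext_logins(SAMPLE).items()):
        print(f"{client} -> {server}: {', '.join(users)}")
```

To run it against a real capture file, pass the opened file object to cleartext_logins() in place of SAMPLE.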
2 comments:
This is a useful article related to this post: "Tshark examples: howto capture and dissect network traffic"