Ethereal-users: Re: [Ethereal-users] THX && another question

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Mon, 12 Feb 2001 02:29:58 -0800

On Mon, Feb 12, 2001 at 11:22:41AM -0000, Wolfgang Grabow wrote:
> after capturing some packets (I listened on port 25 and 110)
> I'd like to decode them. I mean I want to read the mail
> in ASCII.

What do you need to do that "Follow TCP Stream" doesn't do for those two
protocols (SMTP and POP)?

> Another attempt was to listen to the proxy port,
> but when I try with Follow TCP Stream only a little data is shown,
> but not the pages the people have been visiting.

What data is it showing?  Whenever I follow HTTP traffic, it does show
the entire HTTP transaction, including the data returned by the HTTP
server (i.e., the pages they were visiting)?

> And finally the question: how can I get eth. to decode the packets
> so that I can read the content or save the files locally (i.e. a zip
> is mailed)?

You can do that by writing the code to do that and adding it to
Ethereal.  So far, nobody's spent a large amount of time adding support
to Ethereal to interpret data at what I'd consider to be the application
layer of the OSI model, e.g. to show Web pages from an HTTP session as
they'd appear in a browser, or to show mail from an SMTP or POP or IMAP
session as a mail message; most of the developers tend to work at lower
levels of the OSI model, and concentrate on dissecting network protocols
rather than on the end-user data transported using those protocols (the
same applies to the developers of all the other network analyzers I've
ever used...).

The only thing you can do with Ethereal as it exists is to save the
contents of a "Follow TCP Stream" window, but that's the contents of the
TCP stream, e.g. it includes commands and response headers for SMTP,
HTTP, POP, etc., not just the end-user data transported using those
protocols, so you'd have to edit the resulting file yourself if you
wanted only the end-user data.
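
The manual editing described in the message above, sketched for the POP case as an added example that is not part of the original message or of Ethereal: it takes the raw bytes of a saved "Follow TCP Stream" window, drops the POP3 commands and status lines, and decodes any attachments. The function names and the sample session are constructed for illustration, and it assumes each `RETR` is directly followed by the server's `+OK` line in the saved file.

```python
import base64
from email import message_from_bytes, policy

def pop3_messages(stream: bytes):
    """Yield the raw mail returned for each RETR in a saved POP3 stream."""
    lines = stream.split(b"\r\n")
    i = 0
    while i < len(lines):
        # A retrieval is the client's RETR followed by the server's +OK line.
        is_retr = lines[i].upper().startswith(b"RETR ")
        if is_retr and i + 1 < len(lines) and lines[i + 1].startswith(b"+OK"):
            i += 2
            body = []
            # The multi-line response ends at a line holding a single ".".
            while i < len(lines) and lines[i] != b".":
                # Undo POP3 byte-stuffing: a leading "." was doubled by the server.
                body.append(lines[i][1:] if lines[i].startswith(b".") else lines[i])
                i += 1
            yield b"\r\n".join(body) + b"\r\n"
        i += 1

def attachments(raw: bytes):
    """Return (filename, decoded bytes) for each attachment in one message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [(p.get_filename(), p.get_payload(decode=True)) for p in msg.iter_attachments()]

ZIP = b"PK\x05\x06" + bytes(18)  # constructed: an empty zip archive
# Constructed sample of a saved stream; both directions appear interleaved.
SAMPLE = b"\r\n".join([
    b"+OK POP3 ready", b"USER alice", b"+OK", b"PASS (removed)", b"+OK",
    b"RETR 1", b"+OK 400 octets",
    b"From: bob@example.org", b"Subject: files", b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"', b"",
    b"--b1", b"Content-Type: text/plain", b"", b"See attachment.", b"..dot line",
    b"--b1", b"Content-Type: application/zip", b"Content-Transfer-Encoding: base64",
    b'Content-Disposition: attachment; filename="report.zip"', b"",
    base64.b64encode(ZIP), b"--b1--", b".", b"QUIT", b"+OK bye", b"",
])

if __name__ == "__main__":
    for raw in pop3_messages(SAMPLE):
        for name, data in attachments(raw):
            print(name, len(data), "bytes")
```
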