How to capture packet using tcpdump while sending email from a linux server?

tcpdump -i <interface> src host <hostname or ip of host1> and dst host <hostname or ip of host2> and '(port 25 or port 143)'

This seems to be the command tcpdump but I want to send email then sniff the packet.

ssmtp user@domain.com < msg.txt 

This seems to be the command to send email using ssmtp.

As per this blog:

Any guidance?

Start the tcpdump with the -w <hostname_capture.pcap> and -s 65535 on both hosts

Then run the sendmail / imap scripts

Then stop the capture ([CTRL-C])

Now you have 2 packet capture files, open them in wireshark and see what you see.

I don't understand.

In addition to the parameters you indicated, use the -s parameter to ensure you capture the full packet, and use the -w parameter to define the file being written to. Then start up the tcpdump monitoring as root. Now anything matching your filter (host, port etc.) will be written to the file on the host.
Wireshark allows you to browse through the packets and has an understanding of the protocols, so that errors are highlighted and parts of the protocols are identified.

If you have any further questions please be more specific about what you don't understand.
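A script that wraps the steps from the answer (start tcpdump with -s and -w, send with ssmtp, stop the capture, look at the file), added here as an example and not part of the thread; the interface eth0, the host names, the recipient and msg.txt are assumptions. Unlike the one-way src/dst filter in the question it captures both directions (host A and host B), so the mail server's replies end up in the file as well.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: eth0, mailhost.example.com,
# user@example.com and msg.txt. Run capture_mail as root.

# Build the BPF filter. "and" binds tighter than "or", so the port list must be
# parenthesised; "host A and host B and port 25 or port 143" would match
# port-143 traffic between any two hosts.
build_filter() {
    h1="$1"; h2="$2"; shift 2
    ports=""
    for p in "$@"; do
        ports="${ports:+$ports or }port $p"
    done
    printf 'host %s and host %s and (%s)' "$h1" "$h2" "$ports"
}

capture_mail() {
    iface="$1"; localhost_ip="$2"; mailhost="$3"; rcpt="$4"; msg="$5"
    pcap="$(hostname)_capture.pcap"
    filter="$(build_filter "$localhost_ip" "$mailhost" 25 143)"

    # -s 0 = full packet (same effect as -s 65535), -w = raw pcap for Wireshark,
    # -U = flush each packet to the file so nothing is lost when we stop it.
    tcpdump -i "$iface" -s 0 -U -w "$pcap" "$filter" &
    tcpdump_pid=$!
    sleep 1                              # let the capture attach before sending

    ssmtp "$rcpt" < "$msg"               # the send whose packets we want

    sleep 1                              # let the final TCP teardown arrive
    kill -INT "$tcpdump_pid"             # same as CTRL-C on a foreground tcpdump
    wait "$tcpdump_pid" 2>/dev/null

    # Quick check without Wireshark: print the SMTP dialogue from the file.
    tcpdump -nn -r "$pcap" -A 'port 25' | head -40
    echo "capture written to $pcap; open it in Wireshark for the full decode"
}

# Usage (as root):
#   capture_mail eth0 192.0.2.10 mailhost.example.com user@example.com msg.txt
```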
