Hi all! I created an e-mail anti-spam system and I need to test it against an anti-spam product that I hired. I duplicated the port from where my e-mail's packages come, so now my homemade system and the official product both receive the same packages. My system needs to "see" the entire e-mail in order to classify it. Now I'm running an offline test, so I captured all packages from this port with Wireshark. I used the filter tcp.srcport == 25 and exported every package from this port to a txt file. Now I have to make a program with some logic that sequentially groups all packages with text from an e-mail and recreates every one of them manually. How can I make it easier with Wireshark? I mean, is there a way that I can get a complete e-mail without having to process the txt file in order to recreate it package by package? I'm open to new ideas even if I'm using the wrong product to capture the packages. Thanks a lot! Kind Regards!
asked 23 May '13, 09:48
Did you try using the "Follow TCP Stream" option from the popup menu? It should display the reassembled email content in a readable format unless it is encrypted or packets are missing.
answered 23 May '13, 11:27
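The reassembly that "Follow TCP Stream" performs for one direction of a connection, written out as an added example (not part of the original answer and not Wireshark's code): segments are ordered by sequence number, retransmitted bytes are dropped, a missing packet marks the stream incomplete, and the message after DATA is extracted. The segment list, addresses and sequence numbers are constructed sample data, the function names are hypothetical, and sequence-number wraparound is assumed not to occur.

```python
# Constructed sample: the client-to-server bytes of one SMTP session (the
# direction that carries the message, TCP destination port 25).
STREAM = (b"EHLO client.example\r\nMAIL FROM:<a@example.com>\r\n"
          b"RCPT TO:<b@example.org>\r\nDATA\r\n"
          b"Subject: test\r\n\r\nhello\r\n..dotted line\r\n.\r\nQUIT\r\n")
ISN = 1000                       # constructed sequence number of the first byte
CUTS = [0, 30, 75, len(STREAM)]  # packet boundaries fall mid-line on purpose
SEGS = [(ISN + a, STREAM[a:b]) for a, b in zip(CUTS, CUTS[1:])]
SAMPLE = [SEGS[2], SEGS[0], SEGS[1], SEGS[0]]  # out of order + retransmission


def reassemble(segments, isn):
    """Rebuild one direction of a TCP stream from (seq, payload) pairs.

    Returns (data, complete); complete is False if a segment is missing.
    Assumes the sequence number does not wrap around (hypothetical helper).
    """
    data, expected = bytearray(), isn
    for seq, payload in sorted(segments):
        if seq > expected:              # gap: a packet was not captured
            return bytes(data), False
        skip = expected - seq           # bytes already seen (retransmission)
        if skip < len(payload):
            data += payload[skip:]
            expected = seq + len(payload)
    return bytes(data), True


def extract_messages(stream):
    """Return the messages sent after each DATA command, dot-stuffing undone."""
    messages, body, in_data = [], [], False
    for line in stream.split(b"\r\n"):
        if not in_data:
            if line.upper() == b"DATA":
                in_data, body = True, []
        elif line == b".":              # a lone dot ends the message
            messages.append(b"\r\n".join(body) + b"\r\n")
            in_data = False
        else:                           # sender prepends a dot to lines starting with one
            body.append(line[1:] if line.startswith(b".") else line)
    return messages


if __name__ == "__main__":
    data, complete = reassemble(SAMPLE, ISN)
    print("complete:", complete)
    for msg in extract_messages(data):
        print(msg.decode("ascii"))
```
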