This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Intercept SMTP from/to a DVR

0

I have a CCTV DVR that sends alert messages via SMTP. According to my router logs the ISP's email is replying with an error message and I need to read this to understand what's going wrong. I'm trying to read the reply with Wireshark on another PC on the same network but after reading FAQs and stumbling around for some time I have got nowhere. Could someone help please?

asked 23 Mar '14, 05:23

Roger99

edited 23 Mar '14, 07:23

Do you want to know how to capture the traffic or do you need help with the file analysis?

(23 Mar '14, 09:01) Roland

Roland - sorry I missed your comment. It's the capture that beats me. I have the PC and the DVR going into the same cable router but don't understand which method I should be using.

(23 Mar '14, 15:26) Roger99

Kurt was quicker. Use the port mirroring feature of the Draytek.

(24 Mar '14, 13:21) Roland

Thanks Roland. I'll take it from there.

(24 Mar '14, 14:32) Roger99

One Answer:

0

Please read the wiki to learn how to capture Ethernet traffic

http://wiki.wireshark.org/CaptureSetup/Ethernet

Regards
Kurt

answered 23 Mar '14, 13:20

Kurt Knochner ♦

Thanks Kurt. I did go through that FAQ several times before posting, but could not work out which of the methods I should be using. Guess this is going to be beyond my limited knowledge.

(23 Mar '14, 15:27) Roger99

but could not work out which of the methods I should be using.

Well, that depends on your environment. If you have a switch with a mirror port then use that, but I guess that's not very common in a private environment.

So, please add some details about how you connected your DVR to the network (switch: yes/no) and to the ISP router. What kind of router is that?

Depending on that information I can suggest one or another method.

(24 Mar '14, 08:57) Kurt Knochner ♦

I have a Draytek Vigor 2860 router. The DVR and PC are both connected by cable to the router and both have fixed IP addresses on the local network. The router's syslog shows me that the DVR is talking to the ISP email server, but the DVR then says 'email failed'. I need to see what the DVR is actually sending to the email server, and the server's reply.

(24 Mar '14, 09:16) Roger99

The DVR and PC are both connected by cable to the router

Well, then either use a hub (hard to find these days) to connect the DVR and the PC to the router, or a small/cheap switch with a port mirroring feature

http://ask.wireshark.org/questions/13892/port-mirror-switch

or use the built-in packet capture feature of the Draytek

http://www.draytek.com/index.php?option=com_k2&view=item&id=2069&Itemid=296&lang=en

Please ask Draytek support how that works!

(24 Mar '14, 09:25) Kurt Knochner ♦

Thank you Kurt. That's very helpful. I'll look into those alternatives.

(24 Mar '14, 11:50) Roger99

The built-in capture method of the Draytek is probably the easiest one.

(24 Mar '14, 15:20) Kurt Knochner ♦