This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm troubleshooting a smtp issue involving character-set encoding and it's extremely difficult to involve the end user. I have a packet capture of an incoming smtp session that results in problematic behavior but if I try to copy/paste the mime source from wireshark, the issue doesn't occur.

I'm reasonably certain that the difference in my testing is that I'm copying the strings in the packet capture from the Wireshark "follow tcp stream" output and that's not necessarily the bit-for-bit accurate copy of the data as it arrived on the wire.

So my question is this: how can I get an EXACT copy of the bit-for-bit SMTP data and send it again for reproduction purposes? Is there a way to "replay" a transmission?

asked 01 Jun '16, 17:14

thecgmguy's gravatar image

thecgmguy
11112
accept rate: 0%


You might find something in the Wiki that suits your needs.

permanent link

answered 01 Jun '16, 22:19

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Yes, there is, look for "tcpreplay". Please note that it is important that you have captured the session establishment phase (SYN, SYN+ACK, ACK) - not for the tool to work but for your SNMP machine to accept the replayed packets.

permanent link

answered 01 Jun '16, 22:23

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×25
×6
×1

question asked: 01 Jun '16, 17:14

question was seen: 1,267 times

last updated: 01 Jun '16, 22:23

p​o​w​e​r​e​d by O​S​Q​A