I used Wireshark a little at university when I was studying Computer security and forensics. But now that I am employed as an IT security officer, my company is looking at implementing an email monitoring solution on our network.

Does anyone know if it's possible for Wireshark to perform the following task? Filter all SMTP traffic within a set IP range and show the destination address and attachment format, but exclude the internal email address domain from the results.

Basically, the purpose of this is that we have a policy in place that all emails containing attachments that are sent outside of the company must be encrypted using 7zip. Therefore we are keen to enforce this to prevent any leakage of sensitive information. asked 09 Aug '11, 06:18 RogueViper
2 Answers:
Wouldn't this be better handled by your email server, presuming you have an internal one that all users send their email to? If you allow all users to directly transmit emails to some outside server then life will be more difficult. answered 09 Aug '11, 07:07 grahamb ♦
As @grahamb pointed out, it's better processed by the email server with a plugin. In case you really need to process it at the packet level, you may want to learn some basics of packet programming. More specifically
You may find you really learned a lot about networking and you feel like a network expert :-) answered 27 Sep '16, 06:37 sharkfun
Ok thanks. This is my first job in IT since graduating so I am on a massive learning curve. This is something my boss asked me to investigate. Thanks for the suggestion.
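The check described in the question, sketched as an added example (not code from any poster in this thread): it takes the client side of one reassembled, unencrypted SMTP session, lists the recipients outside the internal domain, and reports attachments whose content does not start with the 7z signature. The domain `example.com`, the function names and the sample session are constructed assumptions; sessions that negotiate STARTTLS cannot be inspected this way.

```python
import re
from email import message_from_string
from email.message import EmailMessage

INTERNAL_DOMAIN = "example.com"        # assumption: placeholder internal domain
SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"   # 7z container signature

def build_sample_session():
    """Constructed client-side SMTP stream (not a real capture)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "alice@example.com", "bob@partner.test"
    msg["Subject"] = "Q3 figures"
    msg.set_content("See attached.")
    msg.add_attachment(b"PK\x03\x04dummy", maintype="application",
                       subtype="zip", filename="figures.zip")
    msg.add_attachment(SEVENZ_MAGIC + b"dummy", maintype="application",
                       subtype="x-7z-compressed", filename="notes.7z")
    body = msg.as_string().replace("\n", "\r\n")
    return ("EHLO client.example.com\r\nMAIL FROM:<alice@example.com>\r\n"
            "RCPT TO:<bob@partner.test>\r\nRCPT TO:<carol@example.com>\r\n"
            "DATA\r\n" + body + "\r\n.\r\nQUIT\r\n")

def audit_smtp_session(stream, internal_domain=INTERNAL_DOMAIN):
    """Return (external recipients, attachments, policy violations)."""
    envelope, _, data = stream.partition("\r\nDATA\r\n")
    rcpts = re.findall(r"(?im)^RCPT TO:\s*<([^>]+)>", envelope)
    external = [r for r in rcpts
                if not r.lower().endswith("@" + internal_domain.lower())]
    body = data.split("\r\n.\r\n", 1)[0]      # message ends at the lone "."
    body = re.sub(r"(?m)^\.\.", ".", body)    # undo SMTP dot-stuffing
    attachments, violations = [], []
    for part in message_from_string(body).walk():
        name = part.get_filename()
        if not name:
            continue
        attachments.append((name, part.get_content_type()))
        payload = part.get_payload(decode=True) or b""
        # The signature proves a 7z container, not that a password was set.
        if external and not payload.startswith(SEVENZ_MAGIC):
            violations.append(name)
    return external, attachments, violations

if __name__ == "__main__":
    print(audit_smtp_session(build_sample_session()))
```

Checking the decoded payload rather than the file extension means a renamed `.zip` is still reported.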