This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Email analyse

0

Hi,

I am trying to retive messages and emails on a wireshark capture, and have come across bay179.mail.live.com and not sure what this means, however if I filter tcp contains bay179 I get these packets. alt text

When I then run the filter dns contains bay179 I get packet looking like this:

alt text

Is there anyway of getting any information off this?

Thank you

asked 21 Mar '17, 14:35

emma123's gravatar image

emma123
6334
accept rate: 0%


One Answer:

0

What you see there is encrypted web traffic, so I guess you accessed your email with a web browser. There's not much to see here unless you have the encryption keys, in which case you could decrypt the conversation.

answered 22 Mar '17, 11:19

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%