SMTP no-such-user issues
- Subject: SMTP no-such-user issues
- From: nanog at daork.net (Nathan Ward)
- Date: Wed, 18 Jun 2008 01:21:40 +1200
On 18/06/2008, at 1:20 AM, Steve Bertrand wrote:
> Steve Bertrand wrote:
>> Frank Bulk - iNAME wrote:
>>> Once you've performed a full capture on port 25, Wireshark does a nice job
>>> of providing an option to extract the relevant conversation by
>>> right-clicking on just one packet in that conversation and choosing
>>> something called "Follow the TCP stream", I believe.
>> Ok. I've never captured in tcpdump and then imported into Wireshark
>> before, but I'll do some tests, scp the file to my Windows
>> workstation, then follow the stream.
>> Once I ensure I get a clean stream, I'll post the results.
>
> As I research the documentation on the how-to specifics on capturing
> with tcpdump in a format that is Wireshark compatible, is there
> anyone here that could perform a simple test against their own
> domain email system, that can confirm or deny what I have been
> witnessing?
Wireshark reads pcap files. Spit them out with this option on the
tcpdump command line:
-w file
--
Nathan Ward