I'm trying to debug an application and it isn't in a place that's convenient to run Wireshark.
I've been using "tcpdump -nn -x -X port 25" but the output isn't really in the most convenient format. Thoughts?
I'd think the easiest thing to do would be to point the application at an SMTP proxy which just passes everything through to the real server and logs it in the meantime (could probably hack something together with socat in a few minutes), but going with your current approach...
You can always have tcpdump write out to a file using "-w dump.txt -s 0" as extra arguments, and then load the output file into Wireshark locally.
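The pass-through logging proxy suggested in the answer above, sketched as an added example that is not part of the original post; it uses Python sockets rather than socat, and the listen port 2525 and upstream host mail.example.com are placeholder assumptions.

```python
import socket, sys, threading

def pump(src, dst, tag, log):
    """Copy bytes from src to dst, logging each chunk before forwarding it."""
    try:
        while data := src.recv(4096):
            log(tag, data)
            dst.sendall(data)
    except OSError:
        pass  # peer reset or socket already closed
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # pass the EOF on to the other side
        except OSError:
            pass

def handle(client, upstream_addr, log):
    """Relay one client connection to the real server, both directions."""
    with client, socket.create_connection(upstream_addr) as upstream:
        back = threading.Thread(target=pump, daemon=True,
                                args=(upstream, client, "S", log))
        back.start()
        pump(client, upstream, "C", log)
        back.join()

def serve(listen_addr, upstream_addr, log):
    """Accept connections in a background thread; return the listening socket."""
    srv = socket.create_server(listen_addr)
    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            threading.Thread(target=handle, daemon=True,
                             args=(conn, upstream_addr, log)).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

def print_chunk(tag, data):
    """Print one readable line per SMTP line: C = client, S = server."""
    for line in data.splitlines():
        print(f"{tag}: {line.decode('latin-1')}", file=sys.stderr)

if __name__ == "__main__":
    # Assumed addresses: the application is pointed at 127.0.0.1:2525.
    serve(("127.0.0.1", 2525), ("mail.example.com", 25), print_chunk)
    threading.Event().wait()  # keep the main thread alive until Ctrl-C
```

Once the session negotiates STARTTLS the relay only sees ciphertext, and any AUTH exchange sent in the clear before that ends up in the log, so treat the output as sensitive.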
A utility known as ngrep exists which might help you. It has all the power of regular grep, but it works on pcap data. Check it out here