smtp - extract information exchanged using the Simple Mail Transfer Protocol
A stream with a field of packet type.
A record each time an SMTP command and the corresponding response have been paired.
The tool locates SMTP handshakes and starts extracting from the TCP session. Each time a command has been paired with a response, it will output a record of the event.
Controls the port on which SMTP traffic is detected. The most common value (and the default) is 25, but in some scenarios SMTP traffic may be exchanged on non-standard ports. Set this value to zero to look for SMTP traffic on all ports.
This option controls whether the body of the email is included as part of the output record. The body is truncated to fit into a string of 512 chars. Email headers are discarded.
Controls whether the entire mail body is included as part of the record. The full mail, including headers and any attachments, is captured. This significantly increases the resource usage of the tool.
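The command/response pairing and the 512-character body truncation described above, sketched as an added example; this is not the tool's own code or record format. The function name, the record field names, the "(end of DATA)" label and the session are assumptions constructed for illustration.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")   # code, continuation flag, text
BODY_LIMIT = 512                              # truncation length stated on the page

def pair_smtp(lines):
    """lines: (side, text) tuples, side 'C' or 'S'. Returns one dict per pair."""
    records, reply, data = [], [], []
    pending, started, in_data = None, False, False
    for side, text in lines:
        if side == "C":
            if not started:
                continue                      # nothing counts before the greeting
            if not in_data:
                pending = text
            elif text == ".":                 # end-of-data marker
                in_data, pending = False, "(end of DATA)"
            else:                             # undo dot-stuffing
                data.append(text[1:] if text.startswith(".") else text)
            continue
        m = REPLY.match(text)
        if not m:
            continue
        code, sep, msg = m.groups()
        reply.append(msg)
        if sep == "-":                        # multi-line reply, wait for final line
            continue
        if not started:
            started = code == "220"           # server greeting opens the session
        elif pending is not None:
            rec = {"command": pending, "code": int(code), "response": " ".join(reply)}
            if pending == "(end of DATA)":    # discard headers, then truncate
                body = data[data.index("") + 1:] if "" in data else data
                rec["body"], data = "\n".join(body)[:BODY_LIMIT], []
            records.append(rec)
            in_data = pending.upper() == "DATA" and code == "354"
            pending = None
        reply = []
    return records

# Constructed session, not captured traffic.
SESSION = [
    ("S", "220 mx.example.test ESMTP"), ("C", "EHLO client.example.test"),
    ("S", "250-mx.example.test"), ("S", "250-SIZE 1000000"), ("S", "250 8BITMIME"),
    ("C", "MAIL FROM:<a@example.test>"), ("S", "250 OK"),
    ("C", "RCPT TO:<b@example.test>"), ("S", "250 OK"),
    ("C", "DATA"), ("S", "354 End data with <CR><LF>.<CR><LF>"),
    ("C", "Subject: hi"), ("C", ""), ("C", "x" * 600), ("C", "."),
    ("S", "250 queued"), ("C", "QUIT"), ("S", "221 Bye")]
print(*[(r["code"], r["command"]) for r in pair_smtp(SESSION)], sep="\n")
```

A multi-line reply such as the EHLO response yields a single record, and the message body is only attached to the record for the reply that follows the end-of-data marker.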