On Wed, 14 Nov 2007, Jason Fesler wrote:

Any hint on how to use tcpdump to only grab the interesting parts?

tcpdump port 143

or whatever.

My knowledge of tcpdump is very limited and I only seem to be able to get a lot of noise out of it.

Look at ngrep - it lets you use both tcpdump expressions, *and* further filter by regular expression. And, it shows ASCII output instead of all the hex crap - makes it a lot easier to follow ASCII-based protocols.

Either way, you'll want to disable SSL on the client, so that you can see the traffic properly. :-)


Though I've not tried ngrep (Thanks!), I've found Wireshark (formerly Ethereal) to be incredibly easy to use for these types of tasks.

In Wireshark, you'd just start a capture and filter it to:

protocol = imap

Best,
Ben
