Dear Goitom,

My understanding is that SMTP (http://www.ietf.org/rfc/rfc2821.txt) is only the envelope and the fields you are looking for are in IMF (http://www.ietf.org/rfc/rfc2822.txt). Also see, http://wiki.wireshark.org/IMF.

So, in general, if I am looking for these fields in particular, I would expect to find them in the message and not on the envelope :-) If I am mistaken, I am sure someone will correct me.

Regards,
Abhik.

On Thu, Jun 12, 2008 at 11:04 AM, goitom kahsay <[EMAIL PROTECTED]> wrote:
> Dear Abhik,
>
> Thank you very much for your help.
>
> But, do you think an IMF packet always exists in all SMTP
> conversations? Because I need to extract these parameters from all SMTP
> email communications.
>
> Thank you in advance.
>
> with best regards,
>
> On Wed, Jun 11, 2008 at 11:19 PM, Abhik Sarkar <[EMAIL PROTECTED]>
> wrote:
>>
>> Hi Goitom,
>>
>> I am not sure if you still have two requirements as you had earlier
>> (one for extraction of the from, to, subject and date fields and one
>> for display of these in a separate dialog), but as I have suggested
>> before, I think you are better off using the IMF dissector instead of
>> the SMTP dissector. The IMF dissector supports extraction of all these
>> fields already.
>>
>> So, if you want to set up the tap, I think you are better off tapping
>> IMF. I think the best place would be in the "while(!last_field)" loop
>> in the dissect_imf function of epan/packet-imf.c. Just compare the
>> value of "key" against "from", "to", "subject" and "date" (after the
>> part where the key has been converted to lower case) and you are on
>> your way!
>>
>> If you want to display the records in a dialog, you will probably want
>> to base the dialog off the expert infos dialog (Analyze > Expert
>> Info). You can have columns for Frame number, From, To, Subject and
>> Date. Or, as I have suggested before, you can use the custom columns
>> feature (see the attached screenshot with a sample file from the WS
>> wiki).
>>
>> Unless you have some very specific requirements, I think the above
>> should work for you. I honestly hope this is of some help.
>>
>> Good luck!
>> Abhik
>> PS: While researching this, I came across a bug
>> (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2595) in the SMTP
>> dissector, so be sure to have your coloring rules turned on.
>>
>> On Tue, Jun 10, 2008 at 9:54 PM, goitom kahsay <[EMAIL PROTECTED]>
>> wrote:
>> > Dear Steve,
>> >
>> > Thank you very much for your help.
>> > Yes, I created gtk/export_object_smtp.c, gtk/export_object2.c,
>> > export_object2.h and packet-smtp.h similar to gtk/export_object_http.c,
>> > gtk/export_object.c, export_object.h and packet-http.h, and it
>> > displays some unreadable characters.
>> >
>> > But I have doubts about retrieving the parameters from the
>> > packet-smtp.c (dissect_smtp_data) function, which is used to display
>> > the data line by line in the protocol tree. Do you think it is
>> > possible to retrieve these values from that function using the tap
>> > mechanism?
>> >
>> > Thank you in advance.
>> > with best regards,
>> >
>> > On Mon, Jun 9, 2008 at 9:10 PM, Stephen Fisher
>> > <[EMAIL PROTECTED]>
>> > wrote:
>> >>
>> >> On Fri, Jun 06, 2008 at 09:03:43PM +0300, goitom kahsay wrote:
>> >>
>> >> > I retrieved the parameters from the packet-smtp.c /dissect_smtp_data
>> >> > function, which is used to display the data line by line in the
>> >> > protocol tree. I used a tap mechanism as follows.
>> >>
>> >> > But the content of the parameter does not display on the GUI. Please
>> >> > can you help me with any idea how to solve this problem.
>> >>
>> >> Did you also create a gtk/export_object_smtp.c similar to
>> >> gtk/export_object_http.c and also add the new functions in
>> >> export_object_smtp.c to the File - Export - Objects menu as "SMTP" ?
>> >>
>> >> Steve
>> >>
>> >> _______________________________________________
>> >> Wireshark-dev mailing list
>> >> Wireshark-dev@wireshark.org
>> >> https://wireshark.org/mailman/listinfo/wireshark-dev
>> >
>> > --
>> > Benice2all
>
> --
> Benice2all
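
The field matching described in the thread (lower-case the key, then compare it against "from", "to", "subject" and "date"), as an added stand-alone C example; it is not part of the thread and is not Wireshark's packet-imf.c. The names `WANT`, `imf_fields`, `imf_extract` and the sample message are constructed for illustration, and the parser reads only the message sent after DATA, so envelope values from the SMTP commands never appear in it.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical names for this example; not Wireshark structures. */
static const char *const WANT[4] = { "from", "to", "subject", "date" };
struct imf_fields { char v[4][128]; };            /* indexed like WANT */
/* Constructed sample: the message an SMTP client sends after DATA. */
static const char SAMPLE[] =
    "Received: from mx.example.net\r\n"
    "FROM: Alice <alice@example.org>\r\n"
    "To: bob@example.com,\r\n\tcarol@example.com\r\n"
    "Subject: Quarterly\r\n report\r\n"
    "Date: Thu, 12 Jun 2008 11:04:00 +0300\r\n"
    "\r\nFrom: body text, not a header field\r\n";

/* Copy one field body, joining folded lines (CRLF followed by space/tab). */
static const char *copy_body(const char *p, char *out, size_t cap) {
    size_t n = 0;
    for (;;) {
        while (*p == ' ' || *p == '\t') p++;        /* leading or fold whitespace */
        for (; *p && *p != '\r' && *p != '\n'; p++)
            if (n + 1 < cap) out[n++] = *p;         /* truncate, never overflow */
        if (*p == '\r') p++;
        if (*p == '\n') p++;
        if (*p != ' ' && *p != '\t') break;         /* next line starts a new field */
        if (n + 1 < cap) out[n++] = ' ';            /* show the fold as one space */
    }
    out[n] = '\0';
    return p;
}

/* Walk the header block; returns how many wanted fields were matched. */
int imf_extract(const char *msg, struct imf_fields *f) {
    char key[32], skip[128];
    int i, k, hit, found = 0;
    memset(f, 0, sizeof *f);
    while (*msg && *msg != '\r' && *msg != '\n') {  /* empty line ends the headers */
        for (k = 0; *msg && !strchr(":\r\n", *msg); msg++)  /* lower-cased key */
            if (k + 1 < (int)sizeof key) key[k++] = (char)tolower((unsigned char)*msg);
        key[k] = '\0';
        for (hit = -1, i = 0; *msg == ':' && i < 4; i++)
            if (!strcmp(key, WANT[i])) hit = i;
        if (*msg == ':') msg++;
        msg = copy_body(msg, hit < 0 ? skip : f->v[hit], sizeof skip);
        found += hit >= 0;
    }
    return found;
}

int main(void) { struct imf_fields f; return imf_extract(SAMPLE, &f) == 4 ? 0 : 1; }
```

Field bodies longer than 127 bytes are truncated, and a repeated field overwrites the earlier value while still being counted.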