Page 1 of 1

http and smtp reconstruct

Posted: Thu Mar 10, 2011 4:21 pm
by rhawk301
I have been reading how to do this, and still cannot figure it out.

How can I be looking at the list of packets, and click on something that will "follow the tcp stream" and just show me the related packets to that transaction?

I would also like to be able and click on a decode button of some sort that will show me the e-mail or http page in question up on the screen.

thanks.

RE: http and smtp reconstruct

Posted: Fri Mar 11, 2011 9:09 am
by DJWP
You can right click in the packets view and select Decode Reassembled PDU. This is limited to 200 packets.

If you have OmniPeek Enterprise, you can enable the Web Views, which will give you detailed information on HTTP streams.

If you own maintenance on your software, you can go to your MyPeek account and download the WatchMe plugin which will show the web pages being viewed on the network.

RE: RE: http and smtp reconstruct

Posted: Fri Mar 11, 2011 10:08 am
by rhawk301
With SMTP traffic what I see is all the traffic re-assembled, but in the decode view, not as an e-mail should look. I actually want to view the e-mail as it came in, either using the html view or something similiar to when I open Outlook. Does Omnipeek have a feature to export an e-mail conversation to an e-mail program or viewer?

If I use the "Expert/Application/Mail" and look at the mail conversation that way, it decodes it into nice separated sections, but I still cannot view the html inside the e-mail unless I copy/paste into an html file and view using a browser.

I was just hoping there was an email "button" that would display my packets as an e-mail would look.


thanks.

RE: RE: RE: http and smtp reconstruct

Posted: Fri Mar 11, 2011 1:49 pm
by DJWP
At the present time, there is not a way to do this in OmniPeek. You may want to document it in the Feature Request forum-