OmniPeek Support

http and smtp reconstruct

rhawk301
Posts: 2
Joined: Thu Mar 10, 2011 4:00 pm

http and smtp reconstruct

Postby rhawk301 » Thu Mar 10, 2011 4:21 pm

I have been reading how to do this, and still cannot figure it out.

How can I be looking at the list of packets, and click on something that will "follow the tcp stream" and just show me the related packets to that transaction?

I would also like to be able and click on a decode button of some sort that will show me the e-mail or http page in question up on the screen.

thanks.

DJWP
Posts: 682
Joined: Tue Oct 30, 2007 11:42 am

RE: http and smtp reconstruct

Postby DJWP » Fri Mar 11, 2011 9:09 am

You can right click in the packets view and select Decode Reassembled PDU. This is limited to 200 packets.

If you have OmniPeek Enterprise, you can enable the Web Views, which will give you detailed information on HTTP streams.

If you own maintenance on your software, you can go to your MyPeek account and download the WatchMe plugin which will show the web pages being viewed on the network.

rhawk301
Posts: 2
Joined: Thu Mar 10, 2011 4:00 pm

RE: RE: http and smtp reconstruct

Postby rhawk301 » Fri Mar 11, 2011 10:08 am

With SMTP traffic what I see is all the traffic re-assembled, but in the decode view, not as an e-mail should look. I actually want to view the e-mail as it came in, either using the html view or something similiar to when I open Outlook. Does Omnipeek have a feature to export an e-mail conversation to an e-mail program or viewer?

If I use the "Expert/Application/Mail" and look at the mail conversation that way, it decodes it into nice separated sections, but I still cannot view the html inside the e-mail unless I copy/paste into an html file and view using a browser.

I was just hoping there was an email "button" that would display my packets as an e-mail would look.


thanks.

DJWP
Posts: 682
Joined: Tue Oct 30, 2007 11:42 am

RE: RE: RE: http and smtp reconstruct

Postby DJWP » Fri Mar 11, 2011 1:49 pm

At the present time, there is not a way to do this in OmniPeek. You may want to document it in the Feature Request forum-


Return to “OmniPeek Support”

Who is online

Users browsing this forum: No registered users and 2 guests