I am debugging a problem with my Azure VM Windows server receiving SMTP from the Internet, and want to use Wireshark to show ONLY SMTP. I would also like to use Wireshark to show the contents of the SMTP message to see if it is what I sent.
I cannot figure out, nor find help, on just simply making Wireshark show only SMTP. Wireshark doc says to set filter to SMTP, but that does not work for me.
1 Answer
You can also use port filtering for this, since SMTP has port number 25. So you can use this to set the filter. It can be something like this:
tcp.port eq 25
And this should also have worked for you. Use this in your capture filter:
tcp port smtp
Also, if you want to see just what you have sent, then you can use the filter with your IP address, like:
ip.src==192.168.1.12
Here in this case, 192.168.1.12 is my IP address, i.e., source IP address. You can certainly combine them too and this will look like:
(ip.src==192.168.1.12) and (tcp.port eq 25)
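What the combined filter in the answer above selects, shown as an added Python example that is not part of the original post and is not Wireshark's own code: it applies the same two conditions to a small constructed capture and returns the SMTP lines sent by one host. The frame builder, the function names, and every address other than 192.168.1.12 are assumptions made for illustration.

```python
import socket
import struct

SMTP_PORT = 25  # port used in the answer's filter

def frame(src, dst, sport, dport, payload):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left as zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def parse(raw):
    """Return (src, sport, dport, payload) for an IPv4/TCP frame, else None."""
    if len(raw) < 54 or raw[12:14] != b"\x08\x00" or raw[23] != 6:
        return None
    tcp = raw[14 + (raw[14] & 0x0F) * 4:]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    return socket.inet_ntoa(raw[26:30]), sport, dport, tcp[(tcp[12] >> 4) * 4:]

def smtp_lines(frames, src_ip=None, port=SMTP_PORT):
    """Mirror (ip.src==src_ip) and (tcp.port eq port); src_ip=None drops the first term."""
    out = []
    for raw in frames:
        parsed = parse(raw)
        if parsed is None:
            continue
        src, sport, dport, payload = parsed
        # tcp.port matches the source OR the destination port
        if port not in (sport, dport) or (src_ip and src != src_ip) or not payload:
            continue
        out.append((src, payload.decode("ascii", "replace").rstrip("\r\n")))
    return out

# Constructed sample traffic: client 192.168.1.12, server 203.0.113.10
CAPTURE = [
    frame("192.168.1.12", "203.0.113.10", 50000, 25, b"EHLO client.example\r\n"),
    frame("203.0.113.10", "192.168.1.12", 25, 50000, b"250 mail.example\r\n"),
    frame("192.168.1.12", "203.0.113.10", 50001, 443, b"not smtp"),
    frame("192.168.1.12", "203.0.113.10", 50000, 25, b"MAIL FROM:<a@example.org>\r\n"),
]

if __name__ == "__main__":
    for src, line in smtp_lines(CAPTURE, "192.168.1.12"):
        print(src, line)
```

Without the source-address term, the port condition alone also returns the server's reply, because it matches port 25 in either direction.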