What is the best way to determine that received packets came via SMTP?
Good afternoon!
I'm writing a packet sniffer. The idea is this: the sniffer captures any packets using Pcap. Next, you need to determine which protocol was used. For example, SMTP.
Is there any alternative way of identifying the protocol other than checking which port the packets came on?
Look in the direction of en.wikipedia.org/wiki/Deep_packet_inspection#Software
only metadata will remain for analysis - protocol number and port number.
Check by signatures, that is, by the contents of the packets.
But who in their right mind would use SMTP without TLS in 2014?
And yes, have you heard of Wireshark?
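
The signature check suggested in the answers above, sketched as an added example that is not part of the original thread: it classifies TCP payloads by content only, treating SMTP client verbs as strong evidence and the three-digit reply shape as a hint, because FTP replies look the same. All names (`classify_payload`, `flow_is_smtp`, the sample flows) are assumptions made for illustration, and the sample payloads are constructed, not captured.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h> /* strncasecmp (POSIX) */

enum smtp_guess { NOT_SMTP, REPLY_LIKE, SMTP_COMMAND };
struct payload { const char *data; size_t len; };
#define P(s) { (s), sizeof(s) - 1 }

/* Constructed sample flows (not captured traffic): SMTP and FTP openings. */
static const struct payload SMTP_FLOW[] = {
    P("220 mail.example ESMTP ready\r\n"), P("ehlo client.example\r\n") };
static const struct payload FTP_FLOW[] = {
    P("220 ftp.example ready\r\n"), P("USER anonymous\r\n") };

/* Classify one TCP payload by content only; the port is never consulted. */
enum smtp_guess classify_payload(const unsigned char *p, size_t n) {
    /* Client verbs from RFC 5321, matched case-insensitively at line start. */
    static const char *verbs[] = { "EHLO ", "HELO ", "MAIL FROM:", "RCPT TO:" };
    if (p == NULL || n < 6 || memchr(p, '\n', n) == NULL) return NOT_SMTP;
    for (size_t i = 0; i < sizeof verbs / sizeof verbs[0]; i++) {
        size_t len = strlen(verbs[i]);
        if (n >= len && strncasecmp((const char *)p, verbs[i], len) == 0)
            return SMTP_COMMAND;
    }
    /* Reply shape: 3 digits (first 2..5), then ' ' or '-'. FTP replies look
     * the same, so this is only a hint, never a verdict. */
    if (p[0] >= '2' && p[0] <= '5' && p[1] >= '0' && p[1] <= '9' &&
        p[2] >= '0' && p[2] <= '9' && (p[3] == ' ' || p[3] == '-'))
        return REPLY_LIKE;
    return NOT_SMTP;
}

/* A flow counts as SMTP once any payload in it is a strong command match. */
int flow_is_smtp(const struct payload *f, size_t count) {
    for (size_t i = 0; i < count; i++)
        if (classify_payload((const unsigned char *)f[i].data, f[i].len) == SMTP_COMMAND)
            return 1;
    return 0;
}

int main(void) {
    printf("smtp flow: %d, ftp flow: %d\n",
           flow_is_smtp(SMTP_FLOW, 2), flow_is_smtp(FTP_FLOW, 2));
    return 0;
}
```

In a Pcap callback, `p` and `n` would be the bytes after the TCP header. Once a session is wrapped in TLS the payload no longer matches any of these signatures, which is the limit the answers point out.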