
Troubleshooting sending emails using WireShark

Issue

Sometimes the error message you get from e.g. TAC Vista or SmartStruxure when an email fails to send does not contain enough information to find the cause.

Environment

TAC Vista

SmartStruxure

WireShark

Cause

Not all SMTP error messages and their explanations are necessarily implemented in the software.

Resolution

For general information on WireShark usage, read Lessons Learned Article #5133.

If McAfee antivirus with HIPS is installed on the PC, use RawCap to capture the communication, as you will not see traffic originating from your PC online in WireShark.

Additional reference for this article: Enhanced SMTP status codes

 

First of all, when working with WireShark logs, it's a good idea to filter the capture down to the communication type you want to look at. In this case it's SMTP, so simply type smtp in the display filter and hit enter.

 

The easiest way to isolate a single SMTP "conversation" between client and server is to find one of the packets in the conversation and, in the "Analyze" menu, click on "Follow TCP Stream".

 

This will give you the complete conversation in a separate window.

 

When you have used "Follow TCP Stream", be sure to set the display filter to "smtp" again when closing the window.

 

This is what happens if authentication is needed by the SMTP server but the client is not using authentication.

 

Here is the same attempt to send an email, but this time the client has enabled authentication.

 

A little trick when using authentication is that WireShark can decode the Base64-encoded username and password. Base64 is an encoding, not encryption, so the credentials are readable by anyone who has the capture. Simply right-click on any SMTP packet, click "Protocol Preferences" and click "Decrypt AUTH parameters".

 

Here are the packets decoded.

 

An error not easily detected by e.g. TAC Vista is error 535 "Incorrect authentication data". As stated in the enhanced status code table linked above, it simply means that the username, the password or both are incorrect.

 

Though the product used may not have support for SSL and TLS, you can encounter an SMTP server that requires it.

Here is an example of an SMTP server requesting SSL.

 

 

For further info on troubleshooting sending emails from TAC Vista, please read Lessons Learned Article #3663.
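
The failure cases described above (authentication required but not used, error 535, and a server that insists on TLS) can also be picked out of a saved "Follow TCP Stream" text with a short script. This is an added example, not part of the original article; the sample conversation, host name and credentials are constructed, and the reply wording matched for the 530 cases is an assumption about typical server text.

```python
import base64
import re

def _enc(s):
    return base64.b64encode(s.encode()).decode()

def _dec(s):
    try:  # Base64 is an encoding, not encryption: no key is needed
        return base64.b64decode(s, validate=True).decode("utf-8", "replace")
    except ValueError:
        return s  # not Base64, e.g. "*" sent to cancel AUTH

# Constructed sample of a "Follow TCP Stream" text view (made-up host and credentials).
SAMPLE_STREAM = "\r\n".join([
    "220 mail.example.com ESMTP",
    "EHLO vista-pc",
    "250 AUTH LOGIN",
    "AUTH LOGIN",
    "334 " + _enc("Username:"),
    _enc("alarms@example.com"),
    "334 " + _enc("Password:"),
    _enc("wrong-password"),
    "535 Incorrect authentication data",
])

# Server replies start with a three-digit code followed by a space or hyphen.
REPLY = re.compile(r"^(\d{3})(?:[ -](.*))?$")
MEANING = {
    "530": "server requires authentication, client did not authenticate",
    "535": "username, password or both are incorrect",
}

def diagnose(stream):
    """Return (findings, decoded AUTH exchange) for one SMTP conversation."""
    findings, decoded, awaiting = [], [], False
    for line in stream.splitlines():
        m = REPLY.match(line)
        if not m:
            if awaiting:  # client's answer to a 334 challenge
                decoded.append(("client", _dec(line.strip())))
                awaiting = False
            continue
        code, text = m.group(1), m.group(2) or ""
        awaiting = code == "334"
        if awaiting:
            decoded.append(("server", _dec(text)))
        elif code[0] in "45":  # temporary or permanent failure
            tls = code == "530" and "STARTTLS" in text.upper()
            findings.append((code, "server requires TLS first" if tls
                             else MEANING.get(code, text)))
    return findings, decoded
```

Calling `diagnose(SAMPLE_STREAM)` returns the 535 finding together with the decoded username and password prompts and answers, so treat both the capture file and the script output as containing credentials.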
