Important filters

The following display filters can be used to detect problems or errors in e-mail communications:

smtp.response.code >= 400
pop.response.indicator == "-ERR"

Display filters to look for e-mail credentials are as follows:

pop.request.command == "USER" || pop.request.command == "PASS"
imap.request contains "login"
smtp.req.command == "AUTH"
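
As an added illustration (not code from the book), the Python sketch below applies the same conditions as the filters above to constructed lines from cleartext SMTP, POP3 and IMAP sessions, so it is visible which part of each line a filter keys on. The sample lines, the names `classify` and `audit`, and the redaction of command arguments are assumptions of this example; the IMAP check looks at the command word after the tag rather than doing a substring match.

```python
import re

# Constructed sample lines (protocol, direction, text); C = client, S = server.
SAMPLE = [
    ("smtp", "S", "250-mail.example.test Hello"),
    ("smtp", "C", "AUTH LOGIN"),
    ("smtp", "S", "535 5.7.8 Authentication credentials invalid"),
    ("smtp", "S", "451 4.3.0 Temporary failure"),
    ("pop", "C", "USER alice"),
    ("pop", "C", "PASS example-secret"),
    ("pop", "S", "-ERR invalid password"),
    ("pop", "S", "+OK 2 messages"),
    ("imap", "C", "a001 LOGIN alice example-secret"),
    ("imap", "S", "a001 OK LOGIN completed"),
]

SMTP_REPLY = re.compile(r"^(\d{3})[ -]")  # "550 text" or multi-line "550-text"

def classify(proto, direction, line):
    """Return 'error', 'credential' or None for one protocol line."""
    if direction == "S":
        if proto == "smtp":
            m = SMTP_REPLY.match(line)
            if m and int(m.group(1)) >= 400:      # smtp.response.code >= 400
                return "error"
        elif proto == "pop" and line.startswith("-ERR"):  # pop.response.indicator
            return "error"
        return None
    words = line.split() or [""]
    cmd = words[0].upper()
    # pop.request.command == "USER"/"PASS", smtp.req.command == "AUTH"
    if (proto, cmd) in {("pop", "USER"), ("pop", "PASS"), ("smtp", "AUTH")}:
        return "credential"
    # IMAP commands follow a client-chosen tag: "<tag> LOGIN <user> <password>"
    if proto == "imap" and len(words) > 1 and words[1].upper() == "LOGIN":
        return "credential"
    return None

def audit(records):
    """List (kind, protocol, line) findings, with credential arguments redacted."""
    findings = []
    for proto, direction, line in records:
        kind = classify(proto, direction, line)
        if kind == "credential":
            keep = 2 if proto == "imap" else 1    # keep tag and command only
            words = line.split()
            line = " ".join(words[:keep] + ["<redacted>"] * (len(words) - keep))
        if kind:
            findings.append((kind, proto, line))
    return findings
```
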
