For this example, we use the SMTP sample capture file downloaded from the Wireshark samples link at the beginning of this section.
I've created a case with the following details, as seen in the Session Data section of the following screenshot:
- Case name: SMTP
- Session name: SMTPfile
Looking at the lower-right corner of the screen, we can see that there is an item in the Unread field of the Emails category:
Knowing that we are analyzing and investigating emails, we can go directly to the Mail menu and Email sub-menu on the left of the interface. This shows us that an email with no subject was sent by [email protected] to [email protected]. Click the -(no subject)- field to examine the email further:
After clicking the -(no subject)- field, we can now see the contents of the email:
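The same envelope and message fields can be recovered by hand from the client side of a reassembled SMTP stream, which is useful for cross-checking what the interface reports. The following is an added example, not part of the original walkthrough or the tool's own code; the sample stream, its addresses and the `extract_emails` function are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed client-side SMTP stream (as reassembled from a capture).
# Addresses and body are sample values, not taken from the capture file.
SAMPLE_STREAM = (
    "EHLO client.example\r\n"
    "MAIL FROM:<alice@example.org>\r\n"
    "RCPT TO:<bob@example.net>\r\n"
    "DATA\r\n"
    "From: alice@example.org\r\n"
    "To: bob@example.net\r\n"
    "\r\n"
    "Test message\r\n"
    "..leading dot line\r\n"
    ".\r\n"
    "QUIT\r\n"
)

def extract_emails(stream):
    """Return one dict per message found in a client-side SMTP stream."""
    emails, sender, rcpts, body, in_data = [], None, [], [], False
    for line in stream.split("\r\n"):
        if in_data:
            if line == ".":  # a lone dot terminates the DATA section
                msg = message_from_string("\r\n".join(body))
                emails.append({
                    "mail_from": sender,
                    "rcpt_to": rcpts,
                    # Placeholder mirrors the label shown in the walkthrough
                    "subject": msg["Subject"] or "-(no subject)-",
                    "body": msg.get_payload(),
                })
                sender, rcpts, body, in_data = None, [], [], False
            else:
                # Undo dot-stuffing: the client doubles a leading "."
                body.append(line[1:] if line.startswith(".") else line)
            continue
        m = re.match(r"(?i)(MAIL FROM|RCPT TO):\s*<([^>]*)>", line)
        if m and m.group(1).upper() == "MAIL FROM":
            sender = m.group(2)   # envelope sender
        elif m:
            rcpts.append(m.group(2))  # envelope recipient
        elif line.upper() == "DATA":
            in_data = True
    return emails
```

The envelope addresses (`MAIL FROM`, `RCPT TO`) are kept separate from the `From:` and `To:` headers because the two can differ, and a mismatch is worth noting during an email investigation.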